Update vulnerability reporting instructions in SECURITY.md (#25651)

PubChimps · web-flow · commit 54b2d022b91e · 2026-01-30T14:03:09.000-08:00
Update instructions from email to GitHub report
diff --git a/SECURITY.md b/SECURITY.md
@@ -14,8 +14,8 @@ currently being supported with security updates.
 
 Reporting security issues
 
-If you think you have found a security vulnerability, please send a report to security@open-metadata.org. This address can be used for all of OpenMetadata products. 
+If you think you have found a security vulnerability, please create a GitHub Security Advisory [here](https://github.com/open-metadata/OpenMetadata/security/advisories/new). This can be used for all of OpenMetadata products. 
 
-OpenMetadata will send you a response indicating the next steps in handling your report. After the initial reply to your report, the OpenMetadata team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
+The security advisory should be open in a draft mode. After the initial reply to your report, the OpenMetadata team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
 
 Important: We ask you to not disclose the vulnerability before it have been fixed and announced, unless you received a response from the OpenMetadata team that you can do so.
