opencontainers · caniszczyk · Dec 1, 2016 · Nov 30, 2016
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -1,5 +1,12 @@
 ## Contribution Guidelines
 
+### Security issues
+
+If you are reporting a security issue, do not create an issue or file a pull
+request on GitHub. Instead, disclose the issue responsibly by sending an email
+to [email protected] (which is inhabited only by the maintainers of
+the various OCI projects).
+
 ### Pull requests are always welcome
 
 We are always thrilled to receive pull requests, and do our best to

diff --git a/GOVERNANCE.md b/GOVERNANCE.md
@@ -31,13 +31,6 @@ A quorum is established when at least two-thirds of maintainers have voted.
 
 For projects that are not specifications, a [motion to release](#release-approval) MAY be adopted if the tally is at least three LGTMs and no REJECTs, even if three votes does not meet the usual two-thirds quorum.
 
-## Security issues
-
-Motions with sensitive security implications MUST be proposed on the [email protected] mailing list instead of [email protected], but should otherwise follow the standard [proposal](#proposing-a-motion) process.
-The [email protected] mailing list includes all members of the TOB.
-The TOB will contact the project maintainers and provide a channel for discussing and voting on the motion, but voting will otherwise follow the standard [voting](#voting) and [quorum](#quorum) rules.
-The TOB and project maintainers will work together to notify affected parties before making an adopted motion public.
-
 ## Amendments
 
 The [project governance](#project-governance) rules and procedures MAY be amended or replaced using the procedures themselves.