diff --git a/SECURITY.md b/SECURITY.md
index 41745e204..837c78256 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,5 +1,17 @@
-# Security Policy
+# Reporting a Vulnerability
-## Reporting a Vulnerability
+Please do **not** report security vulnerabilities through public GitHub issues.
-Please report a found vulnerability here:
+Please report vulnerabilities to this repository via **GitHub security advisories** instead.
+
+How? Inside affected repository → security tab
+
+for contributor:
+→ Report a vulnerability
+
+for committer:
+→ advisories → New draft security advisory
+
+In severe cases, you can also report a found vulnerability via mail or eclipse issue here:
+
+See [Eclipse Foundation Vulnerability Reporting Policy](https://www.eclipse.org/projects/handbook/#vulnerability)
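Review bot: The added line "In severe cases, you can also report a found vulnerability via mail or eclipse issue here:" ends in "here:" but no mail address or issue tracker link follows it, only the "See [Eclipse Foundation Vulnerability Reporting Policy]" link to the handbook. Either put the concrete contact on that line or reword it so it points at the policy for the mail and issue channels. Because the first added line tells reporters not to use public GitHub issues, the text should also state whether the "eclipse issue" channel is private, otherwise the two lines read as contradictory. "In severe cases" is undefined, so a reporter cannot tell when the alternative channel applies; say what qualifies or drop the condition. In the "How?" steps, "for contributor:" and "for committer:" would read better capitalised and formatted as a list, and "security tab" should match the tab name as GitHub displays it ("Security").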