diff --git a/SECURITY.md b/SECURITY.md
index be586d975..0ab598440 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,7 +1,10 @@
 To report a security issue, please use the "Report a vulnerability" button on
-this page. Our vulnerability management team will respond within 3 working days
-of your report. If the issue is confirmed as a vulnerability, we will open a
-Security Advisory. This project follows a 90 day disclosure timeline.
+GitHub's Security tab for `jj`'s main repo, under
+[Advisories](https://github.com/jj-vcs/jj/security/advisories).
+
+Our vulnerability management team will respond within 3 working days of your
+report. If the issue is confirmed as a vulnerability, we will open a Security
+Advisory. This project follows a 90 day disclosure timeline.
 
 Feel free to email Jujutsu VCS Security at <jj-security@googlegroups.com> if you
 have questions.