diff --git a/.github/SECURITY.md b/.github/SECURITY.md index 15f909b71..50e489c54 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -2,7 +2,10 @@ GitHub takes the security of our software products and services seriously, inclu If you believe you have found a security vulnerability in GitHub CLI, you can report it to us in one of two ways: -* Report it to this repository directly using [private vulnerability reporting][]. Such reports are not eligible for a bounty reward. +* Report it to this repository directly using [private vulnerability reporting][]. + * Include a description of your investigation of the GitHub CLI's codebase and why you believe an exploit is possible. + * POCs and links to code are greatly encouraged. + * Such reports are not eligible for a bounty reward. * Submit the report through [HackerOne][] to be eligible for a bounty reward.
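Review bot: In the added sub-bullets under the private vulnerability reporting item, the investigation description and PoC guidance are attached only to that path, so the HackerOne bullet that follows carries no equivalent expectations. If the same detail is wanted for both routes, state those two points once, before or after the list, instead of nesting them under the first item. The bounty ineligibility sentence also moves from the parent line to the last sub-bullet, where it is easier to miss; consider keeping it on the parent line or making it the first sub-bullet. "POCs" is unexpanded and "links to code" does not say which code; wording such as "Proof-of-concept (PoC) code and links to the affected source lines are greatly encouraged" would be clearer.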