From 023a44904a9f1ddbb1866533e4d03048d040b456 Mon Sep 17 00:00:00 2001
From: Kynan Ware <47394200+BagToad@users.noreply.github.com>
Date: Tue, 1 Oct 2024 12:02:54 -0600
Subject: [PATCH] Update SECURITY.md

---
 .github/SECURITY.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/SECURITY.md b/.github/SECURITY.md
index 15f909b71..50e489c54 100644
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
@@ -2,7 +2,10 @@ GitHub takes the security of our software products and services seriously, inclu
 
 If you believe you have found a security vulnerability in GitHub CLI, you can report it to us in one of two ways:
 
-* Report it to this repository directly using [private vulnerability reporting][]. Such reports are not eligible for a bounty reward.
+* Report it to this repository directly using [private vulnerability reporting][].
+  * Include a description of your investigation of the GitHub CLI's codebase and why you believe an exploit is possible.
+  * POCs and links to code are greatly encouraged.
+  * Such reports are not eligible for a bounty reward.
 
 * Submit the report through [HackerOne][] to be eligible for a bounty reward.