diff --git a/SECURITY.md b/SECURITY.md
index 62b1cff..7727307 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -19,8 +19,16 @@ At the moment GPG encryption is no yet supported, however you may sign your mess
 
 ### When should I report a vulnerability?
 
+* You think you discovered a ...
+  * ... potential security vulnerability in the SDK
+  * ... vulnerability in another project that this SDK bases on
+* For projects with their own vulnerability reporting and disclosure process, please report it directly there
+
 ### When should I NOT report a vulnerability?
 
+* You need help applying security related updates
+* Your issue is not security related
+
 ## Security Vulnerability Response
 
 ## Public Disclosure Timing