diff --git a/SECURITY.md b/SECURITY.md
index 3ef89aaf..5f63865a 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -39,10 +39,12 @@ The following do not constitute security vulnerabilities in Homebrew:
 - security vulnerabilities in software used by but not written by Homebrew
 - nominal clickjacking and similar attacks against our static, GitHub Pages websites
 
-While researching, we'd like to ask you to refrain from:
+## Conduct
+
+While researching, we ask you to refrain from:
 
 - Denial of service
 - Spamming
 - Social engineering (including phishing) of Homebrew maintainers or contributors
 - Any physical attempts against Homebrew's machines
-
+- Performing vulnerability research in public, such as testing discoveries by opening pull requests to Homebrew's public repositories without prior written approval