diff --git a/.github/SECURITY.md b/.github/SECURITY.md index 01a70973..895a4a26 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md 
@@ -17,19 +17,23 @@ Vulnerabilities can be reported in one of the following ways: Note that security advisories are reserved for security researchers who fully understand the Common Vulnerability Scoring System (CVSS), Common Weakness Enumeration (CWE), and Common Vulnerabilities and Exposures (CVE) Program and - who are prepared to demonstrate a known or probable exploit for an issue. - For example, if a buffer overrun, an uninitialized read, or undefined - behavior can be triggered by malformed data passed to a public libjpeg-turbo - API function from an otherwise well-behaved calling program, then it merits - investigation as a potential security issue. If, however, the calling - program itself is malformed and could not work properly with any image, then - its inevitable failure is not a security issue. Such failures can be - reported using a + who are prepared to demonstrate a known or probable exploit for an issue that + exists in an official release of libjpeg-turbo. For example, if a buffer + overrun, an uninitialized read, or undefined behavior can be triggered by + malformed data passed to a public libjpeg-turbo API function from an + otherwise well-behaved calling program, then it merits investigation as a + potential security issue. If, however, the calling program itself is + malformed and could not work properly with any image, then its inevitable + failure is not a security issue. Such failures can be reported using a [GitHub bug report](https://github.com/libjpeg-turbo/libjpeg-turbo/issues/new/choose), and they will be investigated as potential opportunities for user proofing. 
-- [Alpha/Evolving, Beta, and Post-Beta release series](https://libjpeg-turbo.org/DeveloperInfo/Versioning) +- [Beta and Post-Beta release series](https://libjpeg-turbo.org/DeveloperInfo/Versioning) are not expected to be free of bugs, so vulnerabilities that affect only those release series (for example, vulnerabilities introduced by a new feature that is not present in a Stable release series) can optionally be reported using a [GitHub bug report](https://github.com/libjpeg-turbo/libjpeg-turbo/issues/new/choose). + Vulnerabilities that affect only + [Alpha/Evolving release series](https://libjpeg-turbo.org/DeveloperInfo/Versioning) + should always be reported using a + [GitHub bug report](https://github.com/libjpeg-turbo/libjpeg-turbo/issues/new/choose).
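Review bot: The new qualifier "that exists in an official release of libjpeg-turbo" is never defined in this hunk and sits uneasily beside the new bullet that routes Alpha/Evolving-only vulnerabilities to a public GitHub bug report: a reporter cannot tell from the text whether an Alpha/Evolving tag counts as an "official release" (and therefore qualifies for a private security advisory) or not. Suggest stating the intended scope explicitly, for example "... that exists in a Stable, Beta, or Post-Beta release series of libjpeg-turbo", or linking "official release" to the Versioning page the bullets already cite. Separately, splitting the old bullet into "affect only Beta and Post-Beta release series" and "affect only Alpha/Evolving release series" leaves no stated path for a vulnerability that is present in both an Alpha/Evolving series and a Beta series but absent from every Stable series; one sentence covering any non-Stable release series, with the Alpha/Evolving rule stated as the exception, would close that gap.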