diff --git a/README.md b/README.md
index 9b2b16d6d..aa0a1bd25 100644
--- a/README.md
+++ b/README.md
@@ -108,6 +108,10 @@ for how PR reviews and approval, and our
 [Code of Conduct](https://github.com/cloudevents/spec/blob/main/docs/GOVERNANCE.md#additional-information)
 information.
 
+If there is a security concern with one of the CloudEvents specifications, or
+with one of the project's SDKs, please send an email to
+[cncf-cloudevents-security@lists.cncf.io](mailto:cncf-cloudevents-security@lists.cncf.io).
+
 ## Additional SDK Resources
 
 - [List of current active maintainers](MAINTAINERS.md)