From 34faa39bd3cd496a0aece0245f2b7e38b7923abc Mon Sep 17 00:00:00 2001
From: Affaan Mustafa <me@affaanmustafa.com>
Date: Thu, 18 Jun 2026 22:16:06 -0400
Subject: [PATCH] docs(security): use the monitored affaan@ecc.tools contact in
 SECURITY.md

---
 SECURITY.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/SECURITY.md b/SECURITY.md
index ac264429..c7fdcfd9 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -13,11 +13,13 @@ Security fixes land on `main` first. Backports are best-effort and only for curr
 
 ## Reporting a Vulnerability
 
-Use GitHub private vulnerability reporting — it is the only monitored channel and reaches the maintainer directly:
+Use GitHub private vulnerability reporting whenever possible — it reaches the maintainer directly:
 
 - <https://github.com/affaan-m/ECC/security/advisories/new>
 
-Do **not** open a public GitHub issue for security vulnerabilities, and do not rely on email — there is no monitored security mailbox.
+You can also email **<affaan@ecc.tools>** (the `security@ecc.tools` alias is not monitored — use `affaan@ecc.tools`).
+
+Do **not** open a public GitHub issue for security vulnerabilities.
 
 Include: