diff --git a/README.md b/README.md
index 08a68145d..b7c352c29 100644
--- a/README.md
+++ b/README.md
@@ -192,6 +192,11 @@ For sync communication we have a community slack with a #containerd channel that
 
 **Slack:** https://dockr.ly/community
 
+### Reporting security issues
+
+__If you are reporting a security issue, please follow the responsible
+disclosure guidelines and reach out discreetly at containerd-security@googlegroups.com__.
+
 ## Copyright and license
 
 Copyright ©2016-2017 Docker, Inc. All rights reserved, except as follows. Code
diff --git a/RELEASES.md b/RELEASES.md
index c3a828d96..75a3d5185 100644
--- a/RELEASES.md
+++ b/RELEASES.md
@@ -118,6 +118,8 @@ __If you are reporting a security issue, please follow the responsible
 disclosure guidelines and reach out discreetly__. Remember that backported PRs
 must follow the versioning guidelines from this document.
 
+Please send security related issues to containerd-security@googlegroups.com.
+
 Any release that is "active" can accept backports. Opening a backport PR is
 fairly straightforward. The steps differ depending on whether you are pulling
 a fix from master or need to draft a new commit specific to a particular