diff --git a/docs/SECURITY.md b/docs/SECURITY.md index 9b645f7a..9c6315b8 100644 --- a/docs/SECURITY.md +++ b/docs/SECURITY.md @@ -10,6 +10,7 @@ You may report issues for the most recent version of go-tuf. We will not retroac If you discover a potential security issue in this project we ask that you notify the go-tuf maintainers via our [vulnerability reporting form](https://forms.gle/ShM4s3mLbUAx5QHo8). At the minimum, the report must contain the following: * A description of the issue. +* A specific version or commit SHA of `go-tuf` where the issue reproduces. * Instructions to reproduce the issue. Please do **not** create a public GitHub issue to submit vulnerability reports. The GitHub issue tracker is intended for bug reports and feature requests. Major feature requests, such as design changes to the specification, should be proposed via a [TUF Augmentation Protocol](https://theupdateframework.github.io/specification/latest/#tuf-augmentation-proposal-tap-support) (TAP).
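Review bot: The added bullet `* A specific version or commit SHA of `go-tuf` where the issue reproduces.` does not tie back to the scope sentence in this hunk's context ("You may report issues for the most recent version of go-tuf"). As written, a reporter can satisfy the bullet with an old version that falls outside that scope. Consider asking for the release tag or full commit SHA that was tested, plus whether the issue still reproduces on the most recent version, for example: "The release tag or full commit SHA of `go-tuf` where the issue reproduces, and whether it reproduces on the most recent release." Asking for the full SHA rather than an abbreviated one also avoids ambiguity during triage.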