diff --git a/SECURITY.md b/SECURITY.md
index a8d8fa11f..ec035df45 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -7,3 +7,6 @@ Only the most recent version of pandoc is supported with security updates.
 ## Reporting a Vulnerability
 
 To report a vulnerability, email the maintainer, jgm@berkeley.edu.
+But first please read the section of the manual entitled
+[A note on security](https://pandoc.org/MANUAL.html#a-note-on-security),
+which describes some security guarantees pandoc does NOT make.