diff --git a/book/SUMMARY.md b/book/SUMMARY.md index de2bd079..089a9ad7 100644 --- a/book/SUMMARY.md +++ b/book/SUMMARY.md @@ -5,3 +5,4 @@ * [Migration to/from Conduit](./migration.md) * [Changelog](./changelog.md) * [Contributing](./contributing.md) + * [Coordinated vulnerability disclosure](./contributing/security.md) diff --git a/book/contributing.md b/book/contributing.md index 8eb5bdd4..286cc3c3 100644 --- a/book/contributing.md +++ b/book/contributing.md @@ -1,7 +1,5 @@ # Contributing -## On GitLab - Instructions for getting GitLab access can be found on the [sign-in][sign-in] page. @@ -15,19 +13,3 @@ issue on your behalf. [room]: https://matrix.to/#/#grapevine:computer.surgery [sign-in]: https://gitlab.computer.surgery/users/sign_in - -## Information about a vulnerability - -If you find a security vulnerability in Grapevine, please privately report it to -the Grapevine maintainers in one of the following ways: - -* Open a GitLab issue that's marked as confidential -* Create a private, invite-only, E2EE Matrix room and invite the following - users: - * `@olivia:computer.surgery` - * `@charles:computer.surgery` - * `@xiretza:xiretza.xyz` - -If the maintainers determine that the vulnerability is shared with Conduit or -other forks, we'll work with their teams to ensure that all affected projects -can release a fix at the same time. diff --git a/book/contributing/security.md b/book/contributing/security.md new file mode 100644 index 00000000..f54e0567 --- /dev/null +++ b/book/contributing/security.md 
@@ -0,0 +1,15 @@ +# Coordinated vulnerability disclosure + +If you find a security vulnerability in Grapevine, please privately report it to +the Grapevine maintainers in one of the following ways: + +* Open a GitLab issue that's marked as confidential +* Create a private, invite-only, E2EE Matrix room and invite the following + users: + * `@charles:computer.surgery` + * `@olivia:computer.surgery` + * `@xiretza:xiretza.xyz` + +If the maintainers determine that the vulnerability is shared with Conduit or +other forks, we'll work with their teams to ensure that all affected projects +can release a fix at the same time.
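Review bot: in the `book/contributing.md` hunk, removing the "## Information about a vulnerability" section together with the "## On GitLab" heading leaves nothing in this file that points at the new page, so a contributor who opens `contributing.md` looking for how to report a security issue now finds only the GitLab sign-in instructions. Suggest keeping a one-line pointer in this file, for example `Security issues: see [Coordinated vulnerability disclosure](./contributing/security.md).`, so the move does not silently drop the entry point readers already know.

Review bot: in the new `book/contributing/security.md`, the two channels are presented as equivalent, but only the Matrix route says who will read the report (a private, invite-only, E2EE room with the three listed accounts); the "Open a GitLab issue that's marked as confidential" bullet says nothing about who can see a confidential issue in this project, so a reporter has no basis for choosing between them. Suggest stating who has access to confidential issues, what a report should contain (affected version, reproduction steps, impact), and roughly when to expect an acknowledgement. The closing paragraph promises to coordinate fixes with Conduit and other forks but gives no disclosure timeline; stating the intended embargo window (or that it is agreed per issue) would make the "at the same time" commitment concrete for the reporter.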