diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
index c2031125c..4f135f0a7 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -7,6 +7,12 @@ assignees: ''
 
 ---
 
+NOTE: if the bug you are reporting has or may have security implications,
+we ask that you report it privately to
+<mbed-tls-security@lists.trustedfirmware.org>
+so that we can prepare and release a fix before publishing the details.
+See [SECURITY.md](https://github.com/Mbed-TLS/mbedtls/blob/development/SECURITY.md).
+
 ### Summary
 
 
@@ -25,6 +31,10 @@ Additional environment information:
 
 ### Actual behavior
 
+NOTE: if the actual behaviour evokes memory corruption (like a crash or an error
+from a memory checker), then the bug should be assumed to have security
+implications (until proven otherwise), and we ask what you report it privately,
+see the note at the some of this template.
 
 
 ### Steps to reproduce