diff --git a/README.md b/README.md
index 81a9aa10..7355c2f1 100644
--- a/README.md
+++ b/README.md
@@ -1,9 +1,21 @@
Embedded JavaScript templates
-[![Build Status](https://img.shields.io/travis/mde/ejs/master.svg?style=flat)](https://travis-ci.org/mde/ejs)
-[![Developing Dependencies](https://img.shields.io/david/dev/mde/ejs.svg?style=flat)](https://david-dm.org/mde/ejs?type=dev)
[![Known Vulnerabilities](https://snyk.io/test/npm/ejs/badge.svg?style=flat)](https://snyk.io/test/npm/ejs)
=============================
+Security professionals, before reporting any security issues, please reference the
+SECURITY.md
+in this project, in particular, the following: "EJS is effectively a JavaScript runtime.
+Its entire job is to execute JavaScript. If you run the EJS render method without
+checking the inputs yourself, you are responsible for the results."
+
+In short, DO NOT submit 'vulnerabilities' that include this snippet of code:
+
+```javascript
+app.get('/', (req, res) => {
+ res.render('index', req.query);
+});
+```
+
## Installation
```bash
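Review bot: The added notice around `res.render('index', req.query);` tells reporters not to file this pattern, but it never tells README readers that the pattern is unsafe to write, so someone skimming for usage could copy it as a working Express example. Suggest stating directly above the snippet that passing `req.query` straight into render is the application's own bug, and adding one sentence on what to do instead, for example passing only the specific fields the template needs. The quoted sentence from SECURITY.md ("without checking the inputs yourself") supports that wording. Separately, the removal of the Build Status and Developing Dependencies badges is unrelated to the security notice and would be easier to review as its own commit.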