diff --git a/SECURITY.md b/SECURITY.md
index 54ce6c2..1fa361b 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -18,8 +18,7 @@ to [itop-security@combodo.com](mailto:itop-security@combodo.com).
 
 
 
-## 📆 Disclosure Policy
-
+## 🔍 Combodo acknowledgment and investigation
 Report sent to us will be acknowledged within the week.
 
 Then, a Combodo developer will be assigned to the reported issue and will:
@@ -34,3 +33,11 @@ Then, a Combodo developer will be assigned to the reported issue and will:
 Security issues always take precedence over bug fixes and feature work.
 
 The assignee will keep you informed of the resolution progress, and may ask you for additional information or guidance.
+
+
+## 📆 Disclosure Policy
+Once the fix is done and acknowledged by every stakeholder, it will be included in the next module version.  
+
+The release communications will include the information of the vulnerability fix.
+
+Corresponding GitHub advisories and CVE will be published 3 months after the extension version release date so that iTop instances can be updated.