diff --git a/markdown/contact/product-reviews.md b/markdown/contact/product-reviews.md
index 0ad26a0..dfa1d56 100644
--- a/markdown/contact/product-reviews.md
+++ b/markdown/contact/product-reviews.md
@@ -7,4 +7,4 @@
 _Adopted from [Tom Scott's contact page](https://tomscott.com/contact/reviews)_
 
 I don't review products. Please do not ask me to review products. (If I do in the future, I
-may only review products I personally use.)
\ No newline at end of file
+may only review products I personally use.)
diff --git a/markdown/contact/security.md b/markdown/contact/security.md
index 536be35..b6b60bb 100644
--- a/markdown/contact/security.md
+++ b/markdown/contact/security.md
@@ -15,12 +15,19 @@ If you're looking for my PGP keys, please [visit this page](../keys/index.md).
 ## Submitting security patches
 
 If you also want to submit a security patch, please DO NOT mention about the vunlerability
-within the patch.
+within the patch (unless via the specialized security mailing list mentioned below).
 
 ### via email
 
 Please send security patches at [`~ajhalili2006/security@lists.sr.ht`](mailto:~ajhalili2006/security@lists.sr.ht)
-instead of the public inbox if you using email.
+instead of the public inbox if you using email to submit patches. Access to the mailing list
+archives is limited to few trusted people alongside myself.
+
+### as confidential GitLab merge request
+
+When submitting a security-senstive patch in GitLab, don't forget to mark it as
+confidential merge request or request to access to security patches-only private fork.
+[See GitLab Docs for details](https://docs.gitlab.com/ee/user/project/merge_requests/confidential.html).
 
 ## See also