Point users to the new security@guacamole.apache.org list for reporting issues with potential security implications.
diff --git a/faq.md b/faq.md
index 10e5e32..9166913 100644
--- a/faq.md
+++ b/faq.md
@@ -61,7 +61,7 @@
* Report the issue to us privately, either to the private security mailing list
of the [ASF Security Team](https://www.apache.org/security/) or the
- <private@guacamole.apache.org> mailing list.
+ <security@guacamole.apache.org> mailing list.
* Do not disclose or discuss the issue in a public forum until the Apache
Guacamole project has addressed the issue and made an [announcement of the
vulnerability](/security/), or until it has been determined not to be a
diff --git a/security.md b/security.md
index 701288d..1b73d97 100644
--- a/security.md
+++ b/security.md
@@ -18,7 +18,7 @@
disclosure](https://en.wikipedia.org/wiki/Responsible_disclosure) practices and
report discovered security issues privately, either to the private security
mailing list of the [ASF Security Team](https://www.apache.org/security/) or
-the <private@guacamole.apache.org> mailing list, before disclosing or
+the <security@guacamole.apache.org> mailing list, before disclosing or
discussing the issue in a public forum.
{% assign releases = site.security | group_by: 'fixed' %}