doc: clarify position about reports from security scanners

Signed-off-by: Simon Pasquier <spasquie@redhat.com>

README.md

@@ -175,9 +175,14 @@ See [CONTRIBUTING](CONTRIBUTING.md).
 
 ## Security
 
-If you find a security vulnerability related to the Prometheus Operator, please
+If you find a security vulnerability related to the Prometheus Operator which
-do not report it by opening a GitHub issue, but instead please send an e-mail to
+isn't already publicly disclosed, please do not report it by opening a GitHub
-the maintainers of the project found in the [MAINTAINERS.md](MAINTAINERS.md) file.
+issue, but instead please send an e-mail to the maintainers of the project
+found in the [MAINTAINERS.md](MAINTAINERS.md) file.
+
+Please refer to the [Prometheus
+documentation](https://prometheus.io/docs/operating/security/#automated-security-scanners)
+when reporting issues from automated security scanners.
 
 ## Troubleshooting
 

SECURITY.md

@@ -1,5 +1,10 @@
 # Security
 
-If you find a security vulnerability related to the Prometheus Operator, please
+If you find a security vulnerability related to the Prometheus Operator which
-do not report it by opening a GitHub issue, but instead please send an e-mail to
+isn't already publicly disclosed, please do not report it by opening a GitHub
-the maintainers of the project found in the [MAINTAINERS.md](MAINTAINERS.md) file.
+issue, but instead please send an e-mail to the maintainers of the project
+found in the [MAINTAINERS.md](MAINTAINERS.md) file.
+
+Please refer to the [Prometheus
+documentation](https://prometheus.io/docs/operating/security/#automated-security-scanners)
+when reporting issues from automated security scanners.