diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index d851cc4..e5b4806 100755 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1 +1,2 @@ -* @docker/supply-chain-security +* @docker/signing +targets/doi/ @docker/doi @docker/signing diff --git a/README.md b/README.md index 7dc988f..14edaef 100644 --- a/README.md +++ b/README.md @@ -23,10 +23,6 @@ The process used to establish Docker's production TUF root is documented in [CER | James Carnegie | [kipz](https://github.com/kipz) | Targets, Delegated Targets (DOI) | [28751259](./ceremony/2024-06-04/keys/28751259/) | | Jonny Stoten | [jonnystoten](https://github.com/jonnystoten) | Targets, Delegated Targets (DOI) | [28751258](./ceremony/2024-06-04/keys/28751258/) | -## Reporting security issues +## Security reporting -Docker's TUF maintainers take security seriously. If you discover a security issue, please bring it to their attention right away! - -Please **DO NOT** file a public issue, instead send your report privately to [security@docker.com](mailto:security@docker.com). - -Security reports are greatly appreciated and we will publicly thank you for it, although we keep your name confidential if you request it. We also like to send gifts—if you're into schwag, make sure to let us know. We currently do not offer a paid security bounty program, but are not ruling it out in the future. +If you have any security concerns please follow [SECURITY.md](./SECURITY.md) diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..9319189 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,7 @@ +## Reporting security issues + +Docker's TUF maintainers take security seriously. If you discover a security issue, please bring it to their attention right away! + +Please **DO NOT** file a public issue, instead send your report privately to [security@docker.com](mailto:security@docker.com). + +Security reports are greatly appreciated and we will publicly thank you for it, although we keep your name confidential if you request it. We also like to send gifts—if you're into schwag, make sure to let us know. We currently do not offer a paid security bounty program, but are not ruling it out in the future. \ No newline at end of file
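Review bot: In the .github/CODEOWNERS hunk, the added line `targets/doi/ @docker/doi @docker/signing` does not require both teams to sign off. CODEOWNERS applies the last matching pattern, and where code-owner review is required, approval from any one listed owner satisfies it. A @docker/doi approval alone is therefore enough for changes under targets/doi/. If @docker/signing is meant to approve every change there, list only that team on the line. If either team is meant to suffice, add a `#` comment above the entry saying so, so the ownership model is explicit. Separately, the index line shows the file still at mode 100755; CODEOWNERS does not need the executable bit.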
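Review bot: In the README.md hunk, renaming the heading from `## Reporting security issues` to `## Security reporting` changes the generated anchor, so any existing link to `#reporting-security-issues` in this README will stop resolving. Nothing in the hunk needs the rename, so consider keeping the original heading text and replacing only the body. The new sentence `If you have any security concerns please follow [SECURITY.md](./SECURITY.md)` is also missing a comma after "concerns" and a closing period.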
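Review bot: In the new SECURITY.md, the file ends with `\ No newline at end of file`; add a trailing newline so later appends produce clean diffs. The document also opens at `## Reporting security issues` with no top-level `#` heading. That level made sense as a README subsection, but as a standalone file it should be promoted to `#` or given a title above it. Since the text is now the canonical policy, this would be a good time to fix the comma splice in `file a public issue, instead send your report privately`, for example by splitting it into two sentences.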