diff --git a/SECURITY.md b/SECURITY.md
index 5d255ecc936bb..ff0e7844edeef 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -26,7 +26,7 @@ The asterisk (*) indicates the required field.
 
 The TiDB security team will confirm the vulnerabilities and contact you within 2 working days after your submission.
 
-We will publicly thank you after fixing the security vulnerability. To avoid negative impact, please keep the vulnerability confidential until we fix it. We would appreciate it if you could obey the following code of conduct:
+We will publicly thank you once the security vulnerability has been fixed. To avoid negative impact, please keep the vulnerability confidential until we fix it. We would appreciate it if you could obey the following code of conduct:
 
 The vulnerability will not be disclosed until TiDB releases a patch for it.