diff --git a/SECURITY.md b/SECURITY.md
index 3930a342df2c5d..0ab2b4a3cac119 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -147,7 +147,7 @@ the community they pose.
 #### Missing Cryptographic Step (CWE-325)
 
 * Node.js provides APIs to encrypt data. Bugs that would allow an attacker
-  to get the orginal data without requiring the encryption key are
+  to get the original data without requiring the decryption key are
   considered vulnerabilities.
 
 #### External Control of System or Configuration Setting (CWE-15)