diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..b720b9b3d
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,3 @@
+# Gnuboard5 Security Policy
+
+Please ask [https://sir.kr/security/.](https://sir.kr/co_qa)
diff --git a/lib/common.lib.php b/lib/common.lib.php
index 124335ce9..236e90349 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -726,7 +726,7 @@ function get_sql_search($search_ca_name, $search_field, $search_text, $search_op
     $tmp = explode(",", trim($search_field));
     $field = explode("||", $tmp[0]);
     $not_comment = "";
-    if (!empty($tmp[1]))
+    if (isset($tmp[1]))
         $not_comment = $tmp[1];
 
     $str .= "(";
@@ -782,8 +782,11 @@ function get_sql_search($search_ca_name, $search_field, $search_text, $search_op
         $op1 = " $search_operator ";
     }
     $str .= " ) ";
-    if ($not_comment)
+    if ($not_comment === '1') {
         $str .= " and wr_is_comment = '0' ";
+    } else if ($not_comment === '0') {
+        $str .= " and wr_is_comment = '1' ";
+    }
 
     return $str;
 }