diff --git a/SECURITY.md b/SECURITY.md
index 249ecfa3..4dd77e38 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -35,7 +35,7 @@ When the security team receives a security bug report, they will assign it
 to a primary handler. This person will coordinate the fix and release
 process, involving the following steps:
 
-  * Confirm the problem and determine the affected versions.
-  * Audit code to find any potential similar problems.
-  * Prepare fixes for all releases still under maintenance. These fixes
+* Confirm the problem and determine the affected versions.
+* Audit code to find any potential similar problems.
+* Prepare fixes for all releases still under maintenance. These fixes
     will be released as fast as possible to NPM.