diff --git a/SECURITY.md b/SECURITY.md index 47998ea50d..b5ab90418f 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -59,12 +59,12 @@ Once the fix has been deployed to the security group validators, the patches fro ### 7. Security Advisory Bounty Accounting and Cleanup If this issue is eligible for a bounty, prefix the title of the security advisory with one of the following, depending on the severity: -[Bounty Category: Critical: Loss of Funds] -[Bounty Category: Critical: Consensus / Safety Violations] -[Bounty Category: Critical: Liveness / Loss of Availability] -[Bounty Category: Critical: DoS Attacks] -[Bounty Category: Supply Chain Attacks] -[Bounty Category: RPC] +- [Bounty Category: Critical: Loss of Funds] +- [Bounty Category: Critical: Consensus / Safety Violations] +- [Bounty Category: Critical: Liveness / Loss of Availability] +- [Bounty Category: Critical: DoS Attacks] +- [Bounty Category: Supply Chain Attacks] +- [Bounty Category: RPC] Confirm with the reporter that they agree with the severity assessment, and discuss as required to reach a conclusion. We currently do not use the Github workflow to publish security advisories. Once the issue and fix have been disclosed, and a bounty category is assessed if appropriate, the GitHub security advisory is no longer needed and can be closed.
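Review bot: In the six added list items under "### 7. Security Advisory Bounty Accounting and Cleanup", the bracketed prefixes are still bare Markdown text, so it is not obvious whether the square brackets are part of the advisory title, and a renderer would turn an entry into a shortcut reference link if a matching link definition were ever added to the file. Consider wrapping each prefix in backticks, for example - `[Bounty Category: RPC]`, so the exact string to paste into the title is unambiguous. Separately, the lead-in sentence says the prefix is chosen "depending on the severity", but "Supply Chain Attacks" and "RPC" carry no severity level the way the four "Critical:" entries do; wording such as "depending on the bounty category" would match the list as written.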