diff --git a/SECURITY.md b/SECURITY.md index ebf985b7523..f450e11235b 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -7,11 +7,14 @@ - For nested dependency/sub-deps - In order to enforce package above Vx.y.z, we can add version in the resolutions [section](https://classic.yarnpkg.com/lang/en/docs/selective-version-resolutions/) for all the package sub-deps or specific package sub-dep. For more on version updates please see [Why](https://classic.yarnpkg.com/lang/en/docs/selective-version-resolutions/#toc-why-would-you-want-to-do-this) and [How](https://classic.yarnpkg.com/lang/en/docs/selective-version-resolutions/#toc-how-to-use-it) to upgrade. - ``` + - To add the CVEs fix to previous versions, add label ex: backport 1.x. + + ``` Example: foobar@1.x vulnerable package and 1.y is the fix step 1: For direct dependency checks: - run: yarn upgrade foobar@1.y + run: yarn upgrade foobar@1.y to update the package.json + and yarn install to update the yarn.lock file Step 2. Check for sub deps foobar in other package. If foobar@1.x exists for subdeps in yarn.lock file @@ -19,4 +22,6 @@ 'resolutions': { "**/foobar": "^1.y", "**/foo": "^2.x" , "**/bar": "^3.k"} - \ No newline at end of file + Then run: yarn install for updating yarn.lock file + + \ No newline at end of file
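Review bot: In the first hunk the new bullet "add label ex: backport 1.x" leaves the reader to guess what the label is attached to (the pull request, the issue?) and whether "1.x" is literal or a placeholder for the target release branch; state explicitly that the label goes on the PR and that "1.x" should be replaced with the maintenance branch name. The same hunk also folds two commands into one step-1 line ("run: yarn upgrade foobar@1.y to update the package.json and yarn install to update the yarn.lock file"), which reads as a single command; two separate `run:` lines would make the sequence unambiguous.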
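Review bot: The second hunk still ends with "\ No newline at end of file", so the added trailing `+` lines only move the problem rather than fixing it; please terminate the file with a newline. The step also stops at "Then run: yarn install for updating yarn.lock file" without telling the contributor how to confirm the resolution took effect; adding a final check such as `yarn why foobar` (to verify no 1.x copy remains in yarn.lock) would close the loop on the CVE fix.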