diff --git a/pep-0446.txt b/pep-0446.txt index 715bef788..546c110f8 100644 --- a/pep-0446.txt +++ b/pep-0446.txt @@ -170,18 +170,11 @@ Example of issues in open source projects: Security Vulnerability ---------------------- -Leaking file descriptors is also a well known security vulnerability: -read -`FIO42-C. Ensure files are properly closed when they are no longer -needed -`_ -of the CERT. - -An untrusted child process can read sensitive data like passwords and -take control of the parent process though leaked file descriptors. It is -for example a way to escape from a chroot. With a leaked listening -socket, a child process can accept new connections to read sensitive -data. +Leaking sensitive file handles and file descriptors can lead to security +vulnerabilities. An untrusted child process can read sensitive data like +passwords and take control of the parent process though leaked file +descriptors. With a leaked listening socket, a child process can accept +new connections to read sensitive data. Example of vulnerabilities: @@ -199,6 +192,11 @@ Example of vulnerabilities: `_ (2011) +Read also the CERT Secure Coding Standards: +`FIO42-C. Ensure files are properly closed when they are no longer +needed +`_. + Issues fixed in the subprocess module -------------------------------------
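Review bot: in the first hunk (Security Vulnerability section), the rewritten paragraph carries over the typo "though leaked file descriptors" from the removed text; it should read "through leaked file descriptors". The rewrite also drops the sentence "It is for example a way to escape from a chroot" without replacing it. If that was removed because the claim is too strong, say so in the commit message. Otherwise keep it, since it is the only concrete consequence of "take control of the parent process" that the paragraph gave. The new opening sentence introduces "file handles" alongside "file descriptors"; a short note that handles refer to the Windows case would make the distinction clear to readers.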
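Review bot: in the second hunk (end of the "Example of vulnerabilities" list), "Read also the CERT Secure Coding Standards:" would read better as "See also the CERT Secure Coding Standards:", and since only one rule (FIO42-C) is cited, the singular "Standard" fits better. Please also check that the reST link target between "needed" and the closing "`_" moved intact with the text, because the reference only renders as a hyperlink if the URL is still inside the backquotes. The blank line before "Issues fixed in the subprocess module" is kept, which is what the section heading needs.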