diff --git a/SECURITY.md b/SECURITY.md
index 4ed9d3807c..7981a44b64 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -23,17 +23,12 @@ Users are urged to always use the latest version of a maintained branch.
 
 We use the following classification of attacks:
 
-- **Remote Attacks:** The attacker can observe and modify data sent over the
-  network. This includes observing the content and timing of individual packets,
-  as well as suppressing or delaying legitimate messages, and injecting messages.
-- **Timing Attacks:** The attacker can gain information about the time taken
-  by certain sets of instructions in Mbed TLS operations.
-- **Physical Attacks:** The attacker has access to physical information about
-  the hardware Mbed TLS is running on and/or can alter the physical state of
-  the hardware.
-
 ### Remote attacks
 
+The attacker can observe and modify data sent over the network. This includes
+observing the content and timing of individual packets, as well as suppressing
+or delaying legitimate messages, and injecting messages.
+
 Mbed TLS aims to fully protect against remote attacks and to enable the user
 application in providing full protection against remote attacks. Said
 protection is limited to providing security guarantees offered by the protocol
@@ -42,6 +37,9 @@ arrive without delay, as the TLS protocol doesn't guarantee that either.)
 
 ### Timing attacks
 
+The attacker can gain information about the time taken by certain sets of
+instructions in Mbed TLS operations.
+
 Mbed TLS provides limited protection against timing attacks. The cost of
 protecting against timing attacks widely varies depending on the granularity of
 the measurements and the noise present. Therefore the protection in Mbed TLS is
@@ -71,6 +69,9 @@ Guide](docs/architecture/alternative-implementations.md) for more information.
 
 ### Physical attacks
 
+The attacker has access to physical information about the hardware Mbed TLS is
+running on and/or can alter the physical state of the hardware.
+
 Physical attacks are out of scope (eg. power analysis or radio emissions). Any
 attack using information about or influencing the physical state of the
 hardware is considered physical, independently of the attack vector. (For