diff --git a/SECURITY.md b/SECURITY.md
index a195ce706bc7..3483408e7ea8 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -124,6 +124,9 @@ to perform a release within this time window. If there are exceptional circumsta
 security team will raise this window to four weeks. The release window will be reduced if the
 security issue is public or embargo is broken.
 
+We will endeavor not to overlap this three week window with or place it adjacent to major corporate
+holiday periods or end-of-quarter (e.g. impacting downstream Istio releases), where possible.
+
 ### Fix and disclosure SLOs
 
 * All reports to envoy-security@googlegroups.com will be triaged and have an
diff --git a/security/email-templates.md b/security/email-templates.md
index e58dfdc91747..ffd0232c7798 100644
--- a/security/email-templates.md
+++ b/security/email-templates.md
@@ -50,6 +50,7 @@ Envoy maintainers on the Envoy GitHub.
 We will address the following CVE(s):
 
 * CVE-YEAR-ABCDEF (CVSS score $CVSS, $SEVERITY): $CVESUMMARY
+  - Link to the appropriate section of the CVE writeup document with gh-cve-template.md content.
 ...
 
 We intend to make candidates release patches available under embargo on the