diff --git a/general/security/developer.md b/general/security/developer.md
index d85480b66b59d997f745b5d465fffa0226e6e7a3..39b342b86eba492405d7b80bbc03b04bef899a09 100644
--- a/general/security/developer.md
+++ b/general/security/developer.md
@@ -39,7 +39,7 @@ post-deployment patch process.
   disclosure.
 - [Create a new issue on org](https://dev.gitlab.org/gitlab/gitlabhq/issues/new?issuable_template=Security+developer+workflow) using the [Security Developer Workflow] template.
 - Security vulnerabilities that exist in **both** CE and EE should be fixed in
-  the [CE project on org](https://dev.gitlab.org/gitlab/gitlabhq).
+  the [CE project on org](https://dev.gitlab.org/gitlab/gitlabhq), and a corresponding MR is required for EE in order to avoid unexpected conflicts and failing tests.
 - Security vulnerabilities that exist only in EE should be fixed in the [EE
   project on org](https://dev.gitlab.org/gitlab/gitlab-ee).
 - Security vulnerabilities that exist in Omnibus should be fixed in the [Omnibus