diff --git a/documentation/content/en/books/porters-handbook/security/chapter.adoc b/documentation/content/en/books/porters-handbook/security/chapter.adoc
--- a/documentation/content/en/books/porters-handbook/security/chapter.adoc
+++ b/documentation/content/en/books/porters-handbook/security/chapter.adoc
@@ -198,6 +198,14 @@
 % make validate
 ....
 
+The previous command generates the [.filename]#vuln-flat.xml# file. It can also
+be generated with:
+
+[source,bash]
+....
+% make vuln-flat.xml
+....
+
 [NOTE]
 ====
 At least one of these packages needs to be installed: package:textproc/libxml2[], package:textproc/jade[].
@@ -207,7 +215,7 @@
 
 [source,bash]
 ....
-% pkg audit -f ${PORTSDIR}/security/vuxml/vuln.xml dropbear-2013.58
+% pkg audit -f ${PORTSDIR}/security/vuxml/vuln-flat.xml dropbear-2013.58
 ....
 
 Make sure that the entry produces no spurious matches in the output.
@@ -216,7 +224,7 @@
 
 [source,bash]
 ....
-% pkg audit -f ${PORTSDIR}/security/vuxml/vuln.xml dropbear-2013.58 dropbear-2013.59
+% pkg audit -f ${PORTSDIR}/security/vuxml/vuln-flat.xml dropbear-2013.58 dropbear-2013.59
 dropbear-2012.58 is vulnerable:
 dropbear -- exposure of sensitive information, DoS
 CVE: CVE-2013-4434