diff --git a/doc/contributing/vulnerability-roundup.chapter.md b/doc/contributing/vulnerability-roundup.chapter.md
index d451420f9815..0880fecea982 100644
--- a/doc/contributing/vulnerability-roundup.chapter.md
+++ b/doc/contributing/vulnerability-roundup.chapter.md
@@ -1,45 +1,11 @@
# Vulnerability Roundup {#chap-vulnerability-roundup}
+This section has been moved to [pkgs/README.md](https://github.com/NixOS/nixpkgs/blob/master/pkgs/README.md).
+
## Issues {#vulnerability-roundup-issues}
-Vulnerable packages in Nixpkgs are managed using issues.
-Currently opened ones can be found using the following:
-
-[github.com/NixOS/nixpkgs/issues?q=is:issue+is:open+"Vulnerability+roundup"](https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+%22Vulnerability+roundup%22)
-
-Each issue correspond to a vulnerable version of a package; As a consequence:
-
-- One issue can contain several CVEs;
-- One CVE can be shared across several issues;
-- A single package can be concerned by several issues.
-
-
-A "Vulnerability roundup" issue usually respects the following format:
-
-```txt
-,
-
-
-
-
-
-
-```
-
-Note that there can be an extra comment containing links to previously reported (and still open) issues for the same package.
-
+This section has been moved to [pkgs/README.md](https://github.com/NixOS/nixpkgs/blob/master/pkgs/README.md).
## Triaging and Fixing {#vulnerability-roundup-triaging-and-fixing}
-**Note**: An issue can be a "false positive" (i.e. automatically opened, but without the package it refers to being actually vulnerable).
-If you find such a "false positive", comment on the issue an explanation of why it falls into this category, linking as much information as the necessary to help maintainers double check.
-
-If you are investigating a "true positive":
-
-- Find the earliest patched version or a code patch in the CVE details;
-- Is the issue already patched (version up-to-date or patch applied manually) in Nixpkgs's `master` branch?
- - **No**:
- - [Submit a security fix](#submitting-changes-submitting-security-fixes);
- - Once the fix is merged into `master`, [submit the change to the vulnerable release branch(es)](https://nixos.org/manual/nixpkgs/stable/#submitting-changes-stable-release-branches);
- - **Yes**: [Backport the change to the vulnerable release branch(es)](https://nixos.org/manual/nixpkgs/stable/#submitting-changes-stable-release-branches).
-- When the patch has made it into all the relevant branches (`master`, and the vulnerable releases), close the relevant issue(s).
+This section has been moved to [pkgs/README.md](https://github.com/NixOS/nixpkgs/blob/master/pkgs/README.md).
diff --git a/pkgs/README.md b/pkgs/README.md
index 8559d9bee027..774b738f688b 100644
--- a/pkgs/README.md
+++ b/pkgs/README.md
@@ -765,3 +765,49 @@ Security fixes are submitted in the same way as other changes and thus the same
If a security fix applies to both master and a stable release then, similar to regular changes, they are preferably delivered via master first and cherry-picked to the release branch.
Critical security fixes may by-pass the staging branches and be delivered directly to release branches such as `master` and `release-*`.
+
+### Vulnerability Roundup {#chap-vulnerability-roundup}
+
+#### Issues {#vulnerability-roundup-issues}
+
+Vulnerable packages in Nixpkgs are managed using issues.
+Currently opened ones can be found using the following:
+
+[github.com/NixOS/nixpkgs/issues?q=is:issue+is:open+"Vulnerability+roundup"](https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+%22Vulnerability+roundup%22)
+
+Each issue correspond to a vulnerable version of a package; As a consequence:
+
+- One issue can contain several CVEs;
+- One CVE can be shared across several issues;
+- A single package can be concerned by several issues.
+
+
+A "Vulnerability roundup" issue usually respects the following format:
+
+```txt
+,
+
+
+
+
+
+
+```
+
+Note that there can be an extra comment containing links to previously reported (and still open) issues for the same package.
+
+
+#### Triaging and Fixing {#vulnerability-roundup-triaging-and-fixing}
+
+**Note**: An issue can be a "false positive" (i.e. automatically opened, but without the package it refers to being actually vulnerable).
+If you find such a "false positive", comment on the issue an explanation of why it falls into this category, linking as much information as the necessary to help maintainers double check.
+
+If you are investigating a "true positive":
+
+- Find the earliest patched version or a code patch in the CVE details;
+- Is the issue already patched (version up-to-date or patch applied manually) in Nixpkgs's `master` branch?
+ - **No**:
+ - [Submit a security fix](#submitting-changes-submitting-security-fixes);
+ - Once the fix is merged into `master`, [submit the change to the vulnerable release branch(es)](https://nixos.org/manual/nixpkgs/stable/#submitting-changes-stable-release-branches);
+ - **Yes**: [Backport the change to the vulnerable release branch(es)](https://nixos.org/manual/nixpkgs/stable/#submitting-changes-stable-release-branches).
+- When the patch has made it into all the relevant branches (`master`, and the vulnerable releases), close the relevant issue(s).