diff --git a/doc/guides/cve-management-process.md b/doc/guides/cve-management-process.md index 36c2b3a6ca38f0..eba94484b53877 100644 --- a/doc/guides/cve-management-process.md +++ b/doc/guides/cve-management-process.md @@ -18,17 +18,17 @@ of contact points. Email aliases have been setup for these as follows: * **Public contact points**. Email address to which people will be directed by Mitre when they are asked for a way to contact the Node.js team about - CVE-related issues. **cve-request@iojs.org** + CVE-related issues. **[cve-request@iojs.org][]** * **Private contact points**. Administrative contacts that Mitre can reach out to directly in case there are issues that require immediate attention. - **cve-mitre-contact@iojs.org** + **[cve-mitre-contact@iojs.org][]** * **Email addresses to add to the CNA email discussion list**. This address has been added to a closed mailing list that is used for announcements, sharing documents, or discussion relevant to the CNA community. The list rarely has more than ten messages a week. - **cna-discussion-list@iojs.org** + **[cna-discussion-list@iojs.org][]** ## CNA management processes @@ -72,7 +72,7 @@ of CVEs should then be requested using the steps listed above. ### External CVE request process -When a request for a CVE is received via the cve-request@iojs.org +When a request for a CVE is received via the [cve-request@iojs.org][] email alias the following process will be followed (likely updated after we get HackerOne up and running). @@ -135,3 +135,7 @@ following steps are used to assign, announce and report a CVE. * Move the CVE from the Pending section to the Announced section along with a link to the Node.js blog post announcing that releases are available. + +[cve-request@iojs.org]: mailto:cve-request@iojs.org +[cve-mitre-contact@iojs.org]: mailto:cve-mitre-contact@iojs.org +[cna-discussion-list@iojs.org]: mailto:cna-discussion-list@iojs.org
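Review bot: In the first hunk (@@ -18,17 +18,17 @@), the private contact point `**[cve-mitre-contact@iojs.org][]**` becomes a clickable mailto link, although the surrounding text describes it as an administrative contact that Mitre reaches directly. Linking it in a public guide makes it as easy to mail as the public alias, so reporters may send CVE requests there instead of to cve-request@iojs.org. Consider leaving this one address as plain bold text and linking only the public `cve-request@iojs.org` alias. The same question applies to `cna-discussion-list@iojs.org`, which the text says is subscribed to a closed mailing list.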
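Review bot: In the last hunk (@@ -135,3 +135,7 @@), the three new reference definitions are listed in order of first use (cve-request, cve-mitre-contact, cna-discussion-list) rather than alphabetically by label. Sorting them as `[cna-discussion-list@iojs.org]`, `[cve-mitre-contact@iojs.org]`, `[cve-request@iojs.org]` keeps the block easy to scan and makes a duplicate definition obvious if more links are added later. The collapsed `[label][]` references in the earlier hunks depend on these labels matching exactly, so it is worth confirming that each of the four uses renders as a link in the built docs.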