diff --git a/scout/advisory-db-sources.md b/scout/advisory-db-sources.md index 94b5c48e69..fd1f3c2eec 100644 --- a/scout/advisory-db-sources.md +++ b/scout/advisory-db-sources.md @@ -70,9 +70,9 @@ Artifactory](https://docs.docker.com/scout/artifactory/). Many other tools use fuzzy [Common Product Enumeration (CPE)](https://en.wikipedia.org/wiki/Common_Platform_Enumeration) matching with -wild cards to attempt to match potential vulnerabilities in packages and -operating systems. This can return a lot of false positives which you need to -triage. +wild cards to known vulnerabilities with the versions of software packages they affect. +This can return a lot of false positives which you need to triage. + The typical structure of a CPE match looks like this:
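Review bot: the first added line no longer parses, because "matching with wild cards to known vulnerabilities with the versions of software packages they affect" has lost the verb that the removed text carried ("to attempt to match"). Suggest restoring it, for example "matching with wild cards to match known vulnerabilities with the versions of software packages they affect", so the following sentence about false positives still has a clear subject. That added line is also considerably longer than the wrapped lines around it, so rewrap it to the width the rest of the file uses.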