diff -u b/core/modules/update/src/ProjectSecurityData.php b/core/modules/update/src/ProjectSecurityData.php
--- b/core/modules/update/src/ProjectSecurityData.php
+++ b/core/modules/update/src/ProjectSecurityData.php
@@ -18,6 +18,10 @@
    * 9.0.x branch will receive security coverage until the release of version
    * 9.2.0.
    *
+   * @todo In https://www.drupal.org/node/2998285 determine if we want this
+   *   policy to be expressed in the updates.drupal.org feed, instead of relying
+   *   on a hard-coded constant.
+   *
    * @see https://www.drupal.org/core/release-cycle-overview
    */
   const CORE_MINORS_WITH_SECURITY_COVERAGE = 2;
@@ -147,12 +151,14 @@
    * Gets the release the current minor will receive security coverage until.
    *
+   * For the sake of example, assume that the currently installed version of
+   * Drupal is 8.7.11 and that static::CORE_MINORS_WITH_SECURITY_COVERAGE is 2.
+   * When Drupal 8.9.0 is released, the supported minor versions will be 8.8
+   * and 8.9. At that point, Drupal 8.7 will no longer have security
+   * coverage. Therefore this function would return "8.9.0"
+   *
    * @todo In https://www.drupal.org/node/2608062 determine how we will know
    *   what the final minor release of a particular major version will be. This
    *   method should not return a version beyond that minor.
    *
-   * @todo In https://www.drupal.org/node/2998285 determine if we want this
-   *   policy to be expressed in the updates.drupal.org feed, instead of relying
-   *   on a hard-coded constant (static::CORE_MINORS_WITH_SECURITY_COVERAGE).
-   *
    * @return string|null
    *   The version the existing version will receive security coverage until or
@@ -180,14 +186,17 @@
    *   should expire. This target release is determined by
    *   getSecurityCoverageUntilVersion().
    *
-   * Some examples of how this function behaves:
+   * For the sake of example, assume that the currently installed version of
+   * Drupal is 8.7.11 and that static::CORE_MINORS_WITH_SECURITY_COVERAGE is 2.
+   *
+   * Before the release of Drupal 8.8.0, this function would would 2.
+   *
+   * After the release of Drupal 8.8.0 and before the release of 8.9.0, this
+   * function would return 1.
    *
-   * If the currently installed version of Drupal is 8.7.11, it should be
-   * supported until the 8.9.0 release is published. If the latest official
-   * release of core is 8.8.2, there's one more minor version to go before
-   * coverage expires for 8.7.x, so this function will return 1. Once 8.9.0 is
-   * released, this function will return 0 on a site still running 8.7.11 to
-   * indicate that security coverage has expired.
+   * When Drupal 8.9.0 is released, the supported minor versions will be 8.8 and
+   * 8.9. At that point, Drupal 8.7 will no longer have security coverage and
+   * this function would return 0 to indicate that security coverage is over.
    *
    * If the currently installed version is 9.0.0, and there is no 9.1.0 release
    * yet, the function would return 2. Once 9.1.0 is out, it would return 1.