MSR 2025
Mon 28 - Tue 29 April 2025 Ottawa, Ontario, Canada
co-located with ICSE 2025

Timely patch management is crucial for protection against malicious attacks. The lack of quality documentation on security patches hinders the efficiency of triage systems in identifying and prioritizing security patches. Previous work has shown that vulnerability patch detection techniques cannot rely purely on commit messages to detect software patches, because the data they carry is often inaccurate, incomplete, or missing. Providing well-structured and high-quality security patch documentation can improve security awareness, facilitate quicker stakeholder responses to potential vulnerabilities, and allow researchers to produce larger research datasets for security. We investigated the completeness and standardization of 11,036 security commit messages by analyzing the types of information included in those messages and whether common practices for writing commit messages were applied. We concluded that security commit messages miss important information and do not follow a standard. We propose a solution for standardization called SECOM and show the potential of LLMs to help us generate more complete and standardized commit messages automatically.
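The two dimensions the abstract measures, which information types a security commit message carries and whether it follows common commit message practices, can be made concrete with a small checker. The script below is an added example written for this page; it is not code from the paper and does not implement the SECOM field list, which the abstract does not spell out. The five information types, their regular expressions, the 50-character subject limit and the 72-character body wrap are assumptions chosen for the example (they follow widely used commit message conventions), and both sample messages, including the CVE identifier, are constructed placeholders.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Information types that help a triage system act on a security commit.
# This set and the patterns are assumptions for this example, not the
# paper's SECOM field list.
INFO_TYPES = {
    "vulnerability_id": re.compile(r"\b(?:CVE-\d{4}-\d{4,}|GHSA-[\w-]{14})\b", re.I),
    "weakness": re.compile(r"\bCWE-\d+\b", re.I),
    "severity": re.compile(r"\b(?:severity|cvss)\s*[:=]\s*\S+", re.I),
    "reporter_credit": re.compile(r"^(?:reported-by|credit):", re.I | re.M),
    "tracker_reference": re.compile(r"(?:#\d+|https?://\S+)"),
}

SUBJECT_MAX = 50  # assumed subject-line limit (common convention)
BODY_WRAP = 72    # assumed body wrap width (common convention)


@dataclass
class Report:
    present: list[str]     # information types found in the message
    missing: list[str]     # information types not found
    violations: list[str]  # common-practice rules the message breaks

    @property
    def completeness(self) -> float:
        """Fraction of the assumed information types that are present."""
        return len(self.present) / len(INFO_TYPES)


def assess(message: str) -> Report:
    """Score one commit message for completeness and common practices."""
    lines = message.rstrip("\n").split("\n")
    subject, rest = lines[0], lines[1:]

    present = [name for name, pat in INFO_TYPES.items() if pat.search(message)]
    missing = [name for name in INFO_TYPES if name not in present]

    violations: list[str] = []
    if len(subject) > SUBJECT_MAX:
        violations.append(f"subject longer than {SUBJECT_MAX} chars")
    if subject.endswith("."):
        violations.append("subject ends with a period")
    if not any(line.strip() for line in rest):
        violations.append("body is empty")
    elif rest[0].strip():
        violations.append("no blank line between subject and body")
    for number, line in enumerate(rest, start=2):
        # URLs are allowed to exceed the wrap width.
        if len(line) > BODY_WRAP and not line.lstrip().startswith("http"):
            violations.append(f"line {number} exceeds {BODY_WRAP} chars")

    return Report(present, missing, violations)


# Constructed sample messages (not taken from any real repository).
POOR_MESSAGE = "fix bug"

GOOD_MESSAGE = """\
Fix buffer overflow in request header parser

A request header longer than the 64 KiB buffer overran the stack and
crashed the worker (CWE-120). Severity: high. The parser now rejects
headers above the limit before copying them.

CVE-0000-0000 (placeholder id, constructed for this example)
Reported-by: example reporter (constructed)
Resolves: #123 (constructed tracker reference)
"""


if __name__ == "__main__":
    for label, msg in (("poor", POOR_MESSAGE), ("good", GOOD_MESSAGE)):
        report = assess(msg)
        print(f"{label}: completeness={report.completeness:.2f} "
              f"missing={report.missing} violations={report.violations}")
```

Run over a repository's history (for example, piping `git log --format=%B` entries through `assess`), the same function yields the per-message statistics the abstract describes; a low completeness score or a non-empty violation list is exactly the kind of signal that makes a security commit hard to triage.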