When developers fix a defect, they may change multiple files. The number of files changed for resolving the defect depends on how strongly the files are coupled with each other. In earlier works, researchers leveraged this coupling for better understanding and analyzing software as well as for guiding developers to quickly find all probable code areas to complete fixing a defect. In some studies, researchers generated association rules reflecting the coupling among files and built tools to automate the discovery of the related changes in the files. Such tools, however, do not consider the type of defects resolved earlier for generating the rules as a result of which many unrelated files may come up while changing a file in later releases for resolving a specific type of defect. Therefore, in our study, we consider only security defects or vulnerabilities to generate the rules and then automate the finding process of other related files while fixing a vulnerability. Our tool “SecureChange” suggests the developers a number of related files that might need to be changed while fixing a particular vulnerability based on the mined association rules from the revision history. This approach will have a significant role in guiding the developers in fixing a vulnerability. Furthermore, this will be an effective endeavor for training new developers based on the vulnerability history of a system, which will in turn help them to develop secure code. The proposed approach will also be helpful in educating new developers about software vulnerabilities. Finding all the related files which have been modified to fix a vulnerability, the new developers will be able to learn how the faults in a file can be the root cause of a vulnerability and how it can propagate to other related files and ultimately emerge as a vulnerability to the outside world. As a demonstration of our approach, we generate association rules based on the revision history of three systems: Android, Mozilla Firefox, and Apache Tomcat. The average precision and recall of 44% and 44% respectively for three systems indicate the feasibility of our approach.