diff --git a/Makefile b/Makefile
index 775fcf9b1..4d87d7a7b 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,10 @@ UNITTEST_OPTS = --verbose
 # Ignore bandit B404 errors. Any import of the subprocess module causes this
 # error. We know what we are doing when we import that module and do not
 # need to be warned.
-BANDIT_SKIP = --skip B404
+# Ignore bandit B603 errors. It is actually considered safer to invoke
+# subprocess functions or constructors with shell=False, as is our standard
+# custom. So B603 is essentially equivalent to B404 which we also ignore.
+BANDIT_SKIP = --skip B404,B603
 
 .PHONY: lint
 lint: