fix a couple of typos #29

Open
wants to merge 1 commit into
base: main
4 changes: 2 additions & 2 deletions draft-birkholz-scitt-software-use-cases.md
Expand Up @@ -84,7 +84,7 @@ Recently, the global community has experienced numerous supply chain attacks tar
|
+-----+-----+
| | Malicious plug-ins;
| Commit | Malcious commit
| Commit | Malicious commit
| |
+-----+-----+
|
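Review bot: the corrected annotation "Malicious commit" beside the Commit box has no trailing semicolon, while "Malicious plug-ins;" on the line above it does. Since this commit already touches the line, make the punctuation of the threat labels in the diagram consistent, and confirm the one-character-longer label does not push the text past the draft's line-width limit for artwork.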
Expand Down Expand Up @@ -257,7 +257,7 @@ There is no standardized way to:
An organization has established procurement requirements and compliance policies for software use.
In order to allow the acquisition and deployment of software in certain security domains of the organization, a check of software quality and characteristics must succeed.
Compliance and requirement checking includes audits of the results of organisational procedures and technical procedures, which can originate from checks conducted by the organization itself or checks conducted by trusted third parties.
Consecutively, consumers of statements about a released software can be auditors.
Consequently, consumers of statements about a released software can be auditors.
Examples of procedure results important to audits include: available fresh and applicable code reviews, certification documents (e.g., FIPS or Common Criteria), virus scans, vulnerability disclosure reports (fixed or not fixed), security impact or applicability justification statements.
Relevant compliance, requirement, and check result documents originate from various sources and include a wide range of representations and formats.
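Review bot: the replaced sentence still reads "statements about a released software"; "software" is uncountable, so "statements about released software" or "statements about a software release" would be correct and could go into this same typo fix. The context line just above also spells "organisational" while the rest of the paragraph uses "organization", so consider normalizing that spelling in this commit too.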
