Apply suggestions from code review

commjoen · bendehaan · web-flow · commit 3c91785d239d · 2023-08-18T06:27:26.000+02:00
Co-authored-by: Ben de Haan &lt;53901866+bendehaan@users.noreply.github.com&gt;
diff --git a/src/main/resources/explanations/challenge35.adoc b/src/main/resources/explanations/challenge35.adoc
@@ -1,3 +1,3 @@
 === Reporting on Vulnerabilities
 
-A security researcher found a Google API key and together with the project leader https://github.com/commjoen[@commjoen] made a https://github.com/OWASP/wrongsecrets/security/advisories/GHSA-vv4g-7gjw-fvqw[Security Advisory]. The only thing @commjoen dit wrong, was actually publish the API key as part of the advisory. Can you spot the key?
+A security researcher found a Google API key and together with the project leader https://github.com/commjoen[@commjoen] made a GitHub security advisory. The only thing @commjoen did wrong was publish the API key as part of the advisory. Can you spot the key?
diff --git a/src/main/resources/explanations/challenge35_reason.adoc b/src/main/resources/explanations/challenge35_reason.adoc
@@ -1,3 +1,3 @@
 *Why we need to be careful with vulnerability reports*
 
-When you report a vulnerability, or when you publish a security advisory, always be careful with the datails you spread with them. Hardcoded secrets found, especially those harder to rotate, should not be put into your security report itself and/or the publication.
+When you report a vulnerability or publish a security advisory, always be careful with the information you spread with them. Exact values of found hardcoded secrets, especially those harder to rotate, should not be put into your security report and/or the publication.

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,3 @@`
`1`	`1`	`=== Reporting on Vulnerabilities`
`2`	`2`
`3`		`-A security researcher found a Google API key and together with the project leader https://github.com/commjoen[@commjoen] made a https://github.com/OWASP/wrongsecrets/security/advisories/GHSA-vv4g-7gjw-fvqw[Security Advisory]. The only thing @commjoen dit wrong, was actually publish the API key as part of the advisory. Can you spot the key?`
	`3`	`+A security researcher found a Google API key and together with the project leader https://github.com/commjoen[@commjoen] made a GitHub security advisory. The only thing @commjoen did wrong was publish the API key as part of the advisory. Can you spot the key?`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,3 @@`
`1`	`1`	`Why we need to be careful with vulnerability reports`
`2`	`2`
`3`		`-When you report a vulnerability, or when you publish a security advisory, always be careful with the datails you spread with them. Hardcoded secrets found, especially those harder to rotate, should not be put into your security report itself and/or the publication.`
	`3`	`+When you report a vulnerability or publish a security advisory, always be careful with the information you spread with them. Exact values of found hardcoded secrets, especially those harder to rotate, should not be put into your security report and/or the publication.`