Commit cba9f42

Changes to the Readme file
1 parent 782f4bc commit cba9f42

File tree: 1 file changed, +2 -2 lines changed
csharp/ql/src/experimental/Security Features/campaign/Solorigate-Readme.md

Lines changed: 2 additions & 2 deletions
@@ -2,9 +2,9 @@
22

33
In early December, 2020 a sophisticated compromise campaign was uncovered, dubbed [Solorigate](https://aka.ms/solorigate). A key feature of the campaign was a malicious software implant inserted into SolarWinds' Orion product on the build server. Studying the coding patterns and techniques used in the implant, Microsoft authored CodeQL queries as part of a larger effort to analyze our source code for any malicious modification - a brief summary of those efforts can be [found here](https://aka.ms/Solorigate-CodeQL-Blog). These queries here represent a mixture of techniques to look for code that shares features with the malicious Implant code.
44

5-
This ReadMe walks through what each query does and limitations of the approaches taken, suggestions for modifications, and general advice on using CodeQL to author backdoor hunting queries. There are two approaches taken with the queries; the first is to look for syntactic characteristics used in the malicious implant, things like names and particular literals. The second approach looks for semantic patterns – particular functionality and flow associated with the implant.
5+
This ReadMe walks through what each query does and limitations of the approaches taken, suggestions for modifications, and general advice on using CodeQL to author backdoor hunting queries. There are two approaches taken with the queries; the first is to look for syntactic characteristics used in the malicious implant, things like names and particular literals. The second approach looks for semantic patterns – particular functionality and flow associated with the implant. In both cases it is possible, and sometimes likely, that benign code will coincidentally match the patterns these queries look for, so all findings will need to be reviewed to either verify or rule out the providence of the source code being flagged. The descriptions of each query try to capture the likely coincidence of findings in code of benign providence.
66

7-
When editing this queries for open sourcing, we tried to find the right balance between detection capability and false positive rate, mindful that different organizations have differing resources to review the findings. We also excluded queries that we found to be resource intensive when executing without providing significant detective value over these queries here. In the coming weeks we will post on [our blog](https://aka.ms/CST-SE-Blog) a walk through of our experience authoring and tuning these queries, as well as discussing the challenges we saw with the queries we didn't open source.
7+
When editing this queries for open sourcing, we tried to find the right balance between detection capability and false positive rate, mindful that different organizations have differing resources to review the findings. We also excluded queries that we found to be resource intensive when executing without providing significant detective value over these queries here.
88

99
## Syntactic queries
1010
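Review bot: the sentence added to line 5 uses "providence" twice where "provenance" is meant ("verify or rule out the provenance of the source code being flagged" and "code of benign provenance"); please correct both before merging, since the term is central to what the reviewer of a finding is being asked to establish. While this hunk is open, line 7 still reads "When editing this queries for open sourcing", which should be "these queries". Note also that the change to line 7 drops the sentence pointing at the forthcoming walkthrough on https://aka.ms/CST-SE-Blog; if that post is no longer planned this is fine, but if it exists it would be worth keeping a link to it, as it is the only reference to the tuning rationale behind the queries that were not open sourced.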