-Note: ReDoS is often *not* a real vulnerability. Such regexes can *only* be a vulnerability if they run on a trusted system and process untrusted input. There are many tools that can detect regexes that are vulnerable to ReDoS but don't determine if the input sources are untrusted. Such tools can flood developers with so-called "vulnerabilities" that aren't really vulnerabilities. In addition, in some cases countermeasures (like maximum input sizes and timeouts) effectively eliminate ReDoS effectiveness. Even when a regex processes untrusted inputs and these countermeasures fail, ReDoS at *most* will most cause a denial of service, not a loss of confidentiality or integrity. Thus, while ReDoS can be a real vulnerability, it's often not a vulnerability or is less important. If you find yourself dealing with a large number of ReDoS vulnerability reports, recheck to see if these are real vulnerabilities.
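Review bot: this hunk deletes the whole ReDoS caveat with no replacement `+` line, so the document loses the guidance that a ReDoS-prone regex is only a vulnerability when it runs on a trusted system and processes untrusted input, that input-size limits and timeouts are effective countermeasures, and that the worst-case impact is denial of service rather than loss of confidentiality or integrity. If the paragraph is being moved or reworded elsewhere, the commit message should say where; otherwise consider keeping a shorter version, for example "ReDoS is only a vulnerability when a regex on a trusted system processes untrusted input; maximum input sizes and timeouts are effective countermeasures, and the impact is at most denial of service." Any rewording should also drop the duplicated word in "at *most* will most cause".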