updated a link

jhdalek55 · web-flow · commit d83e8a1fc779 · 2022-09-08T12:48:17.000-04:00
changed links as per @adityasaky
diff --git a/_posts/2022-09-09-uptane-scudo.md b/_posts/2022-09-09-uptane-scudo.md
@@ -15,7 +15,7 @@ This spring, the [Uptane](https://uptane.github.io/) project introduced Scudo, a
 
 As described in [Scudo: A Proposal for Resolving Software Supply Chain Insecurities in Vehicles](https://uptane.github.io/papers/scudo-whitepaper.pdf), an Uptane whitepaper originally published May 22, 2022, and updated in July, the framework ensures that the images being uploaded by the Uptane framework are free of tampering. It can offer this assurance because of the signed metadata in-toto generates at each step in the development, packaging, testing and delivery of a software image. This metadata attests to the authenticity of the image and allows a client to verify who performed each step and in what order. If the signature or the information in the metadata is different from what was intended, Scudo will reject it. 
 
-Scudo brings to the solution of supply chain insecurity two established open source technologies. For the past five years, Uptane has been a mainstay in secure software update systems used by a number of original equipment manufacturers (OEMs). While in-toto is new to the automotive space, it has been widely integrated into open source projects, such as [Sigstore](https://docs.sigstore.dev/cosign/attestation/), [GitLab](https://github.com/in-toto/friends/tree/main/gitlab), and [Reproducible Builds](https://github.com/in-toto/friends/tree/main/rebuilderd). Even SolarWinds, which ignited much of the recent concern about supply chain vulnerabilities when its software update mechanism inadvertently introduced malware that led to massive data breaches, [adopted in-toto as part of its re-designed security system](https://www.solarwinds.com/fr/resources/whitepaper/setting-the-new-standard-in-secure-software-development-the-solarwinds-next-generation-build-system/delivery). in-toto is also a core part of [SLSA](https://github.com/in-toto/friends/tree/main/slsa), the industry’s leading software supply chain best practices framework.
+Scudo brings to the solution of supply chain insecurity two established open source technologies. For the past five years, Uptane has been a mainstay in secure software update systems used by a number of original equipment manufacturers (OEMs). While in-toto is new to the automotive space, it has been widely integrated into open source projects, such as [Sigstore](https://docs.sigstore.dev/cosign/attestation/), [GitLab](https://github.com/in-toto/friends/tree/main/gitlab), and [Reproducible Builds](https://github.com/in-toto/friends/tree/main/rebuilderd). Even SolarWinds, which ignited much of the recent concern about supply chain vulnerabilities when its software update mechanism inadvertently introduced malware that led to massive data breaches, [adopted in-toto as part of its re-designed security system](https://www.solarwinds.com/resources/whitepaper/setting-the-new-standard-in-secure-software-development-the-solarwinds-next-generation-build-system/delivery). in-toto is also a core part of [SLSA](https://github.com/in-toto/friends/tree/main/slsa), the industry’s leading software supply chain best practices framework.
 
 ## How Scudo works
 
