updates

windows/security/book/security-foundation-certification.md

@@ -15,10 +15,21 @@ Microsoft is committed to supporting product security standards and certificatio
 
 The Federal Information Processing Standard (FIPS) Publication 140 is a US government standard that defines the minimum security requirements for cryptographic modules in IT products. Microsoft maintains an active commitment to meeting the requirements of the FIPS 140 standard, having validated cryptographic modules against FIPS 140-2 since it was first established. Microsoft products, including Windows 11, Windows 10, Windows Server, and many cloud services, use these cryptographic modules.
 
+:::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:**
+
+- [Windows FIPS 140 validation][LINK-1]
+
 ## Common Criteria (CC)
 
 Common Criteria (CC) is an international standard currently maintained by national governments who participate in the Common Criteria Recognition Arrangement. Common Criteria defines a common taxonomy for security functional requirements, security assurance requirements, and an evaluation methodology used to ensure products undergoing evaluation satisfy the functional and assurance requirements.
 
 Microsoft ensures that products incorporate the features and functions required by relevant Common Criteria Protection Profiles and completes Common Criteria certifications of Microsoft Windows products.
 
-Microsoft publishes the list of FIPS 140 and Common Criteria certified products at [Federal](/windows/security/security-foundations/certification/fips-140-validation) [Information Processing Standard (FIPS)](/windows/security/security-foundations/certification/fips-140-validation) 140 Validation and [Common Criteria Certifications.](/windows/security/threat-protection/windows-platform-common-criteria)
+:::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:**
+
+- [Common Criteria certifications][LINK-2]
+
+<!--links-->
+
+[LINK-1]: /windows/security/security-foundations/certification/fips-140-validation
+[LINK-2]: /windows/security/threat-protection/windows-platform-common-criteria

windows/security/book/security-foundation-offensive-research.md

@@ -19,7 +19,12 @@ A range of tools and techniques - such as threat modeling, static analysis, fuzz
 
 ## Microsoft Offensive Research and Security Engineering
 
-[Microsoft Offensive Research and Security Engineering](https://github.com/microsoft/WindowsAppSDK-Samples?msclkid=1a6280c6c73d11ecab82868efae04e5c) performs targeted design reviews, audits, and deep penetration testing of Windows features using Microsoft's open-source OneFuzz platform as part of their development and testing cycle.
+Microsoft Offensive Research and Security Engineering (MORSE) performs targeted design reviews, audits, and deep penetration testing of Windows features using Microsoft's open-source OneFuzz platform as part of their development and testing cycle.
+
+:::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:**
+
+- [MORSE security team takes proactive approach to finding bugs][LINK-1]
+- [MORSE Blog][LINK-2]
 
 ## Windows Insider and Bug Bounty program
 
@@ -31,5 +36,12 @@ Through this collaboration with researchers across the globe, our teams identify
 
 :::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:**
 
-- [Windows Insider Program](/windows-insider/get-started)
+- [Windows Insider Program][LINK-3]
-- [Microsoft bounty programs](https://www.microsoft.com/msrc/bounty)
+- [Microsoft bounty programs][LINK-4]
+
+<!--links-->
+
+[LINK-1]: https://news.microsoft.com/source/features/innovation/morse-microsoft-offensive-research-security-engineering
+[LINK-2]: (https://www.microsoft.com/security/blog/author/microsoft-offensive-research-security-engineering-team)
+[LINK-3]: /windows-insider/get-started
+[LINK-4]: https://www.microsoft.com/msrc/bounty