[Acrolinx] Security foundation

windows/security/book/security-foundation-offensive-research.md

@@ -15,7 +15,7 @@ The Microsoft Security Development Lifecycle (SDL) introduces security best prac
 
 ## OneFuzz service
 
-A range of tools and techniques - such as threat modeling, static analysis, fuzz testing, and code quality checks - enable continued security value to be embedded into Windows by every engineer on the team from day one. Through the SDL practices, Microsoft engineers are continuously provided with actionable and up-to-date methods to improve development workflows and overall product security before the code has been released.
+A range of tools and techniques - such as threat modeling, static analysis, fuzz testing, and code quality checks - enable continued security value to be embedded into Windows by every engineer on the team from day one. Through the SDL practices, Microsoft engineers are continuously provided with actionable and up-to-date methods to improve development workflows and overall product security before the code is released.
 
 ## Microsoft Offensive Research and Security Engineering
 
@@ -27,7 +27,7 @@ As part of our secure development process, the Microsoft Windows Insider Preview
 
 The goal of the Windows Insider Preview bounty program is to uncover significant vulnerabilities that have a direct and demonstrable impact on the security of customers using the latest version of Windows.
 
-Through this collaboration with researchers across the globe, our teams identify critical vulnerabilities that were not previously found during development and quick fix the issues before releasing our final Windows.
+Through this collaboration with researchers across the globe, our teams identify critical vulnerabilities and quickly fix the issues before releasing our final Windows.
 
 :::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:**
 

windows/security/book/security-foundation-secure-supply-chain.md

@@ -9,14 +9,14 @@ ms.date: 04/09/2024
 
 :::image type="content" source="images/security-foundation.png" alt-text="Diagram of containing a list of security features." lightbox="images/security-foundation.png" border="false":::
 
-The end-to-end Windows 11 supply chain is complex, extending from the entire development process to components such as chips, firmware, drivers, operating system, and apps from other organizations, manufacturing, and security updates. Microsoft invests significantly in Windows 11 supply chain security, as well as the security of features and components. In 2021, the United States issued an executive order on enhancing the nation's cybersecurity. The executive order, along with various attacks like SolarWinds and WannaCry, elevated the urgency and importance of ensuring a secure supply chain.
+The end-to-end Windows 11 supply chain is complex. It extends from the entire development process, to components such as chips, firmware, drivers, operating system, and apps from other organizations, manufacturing, and security updates. Microsoft invests significantly in Windows 11 supply chain security, and the security of features and components. In 2021, the United States issued an executive order on enhancing the nation's cybersecurity. The executive order, along with various attacks like SolarWinds and WannaCry, elevated the urgency and importance of ensuring a secure supply chain.
 
 Microsoft requires the Windows 11 supply chain to comply with controls including:
 
 - Identity management and user access control
   - Access control
   - Principles of least privilege
-  - RBAC
+  - Role-based access control (role-based access control)
   - Segregation of duties
   - MFAs
   - Account management
@@ -42,7 +42,7 @@ Microsoft requires the Windows 11 supply chain to comply with controls including
   - Manufacturing security
   - Physical security monitoring
 - Supplier security control
-  - SSPA
+  - Supplier Security and Privacy Assurance (SSPA)
   - Supplier screening
   - Supplier inventory
 - Logistics security control
@@ -53,14 +53,14 @@ Microsoft requires the Windows 11 supply chain to comply with controls including
 
 ## Software bill of materials (SBOM)
 
-In addition to following the above supply chain security controls, SBOMs are leveraged to provide the transparency and provenance of the content as it moves through various stages of the Windows supply chain. This enables trust between each supply chain segment, ensures that tampering has not taken place during ingestion and along the way, and provides a provable chain of custody for the product that we ship to customers.
+In addition to following the supply chain security controls, SBOMs are used to provide the transparency and provenance of the content as it moves through various stages of the Windows supply chain. This enables trust between each supply chain segment, ensures that tampering doesn't take place during ingestion and along the way, and provides a provable chain of custody for the product that we ship to customers.
 
 Code-signing software is the best way to guarantee application integrity and authenticity and helps users distinguish between trusted applications and malware before downloading or installing. Code signing proprietary applications and software from other organizations greatly reduces the complexity of creating and managing application control policies. Code signing enables the creation and deployment of certificate chain-based application control policies, which can then be cryptographically enforced.
 
-Traditionally, code signing has been a difficult undertaking due to the complexities involved in obtaining certificates, securely managing those certificates, and integrating a proper signing process into the development and continuous integration and continuous deployment (CI/CD) pipelines.
+Traditionally, the task of code signing posed challenges due to the complex steps required to acquire certificates. The secure management of these certificates, the integration of a proper signing process into the development, and the continuous integration and deployment pipelines, added to the difficulty.
 
 ## Windows App software development kit (SDK)
 
 Developers can design highly secure applications that benefit from the latest Windows 11 safeguards using the Windows App SDK. The SDK provides a unified set of APIs and tools for developing secure desktop apps for Windows 11 and Windows 10. To help create apps that are up to date and protected, the SDK follows the same security standards, protocols, and compliance as the core Windows operating system.
 
-If you are a developer, you can find security best practices and information at [Windows application development - best practices](/windows/security/threat-protection/windows-platform-common-criteria#security-and-privacy). You can get started with [Windows App SDK samples on GitHub](/windows/security/threat-protection/fips-140-validation#windows-app-sdk-samples). For an example of the continuous security process in action with the Windows App SDK, see the [most recent release](https://insider.windows.com/#version-11).
+If you're a developer, you can find security best practices and information at [Windows application development - best practices](/windows/security/threat-protection/windows-platform-common-criteria#security-and-privacy). You can get started with [Windows App SDK samples on GitHub](/windows/security/threat-protection/fips-140-validation#windows-app-sdk-samples). For an example of the continuous security process in action with the Windows App SDK, see the [most recent release](https://insider.windows.com/#version-11).