Spelling fixes
Signed-off-by: Eddie Knight <[email protected]>
eddie-knight authored and jkjell committed Jun 26, 2024
1 parent 412492f commit 16523ab
Showing 2 changed files with 20 additions and 9 deletions.
13 changes: 12 additions & 1 deletion ci/spelling-config.json
Expand Up @@ -8,13 +8,16 @@
"words": [
"ABAC",
"addfetnetgrent",
"Aniszczyk",
"antifragile",
"APAC",
"archives",
"ATT&CK",
"backdoors",
"Benedictis",
"Buildpacks",
"BYOK",
"Cappos",
"cgroups",
"chainguard",
"cisecurity",
Expand Down Expand Up @@ -104,20 +107,25 @@
"pearweb",
"PHP",
"protobuf",
"Pronin",
"ptree",
"pyproject",
"Razzak",
"RBAC",
"Rego",
"Roadmap",
"Ragashree",
"runtimes",
"sandboxed",
"sandboxing",
"Sarbanes",
"Sergey",
"SAST",
"SBOM",
"sdlc",
"seccomp",
"semgrep",
"Shlomo",
"Sigstore",
"SLSA",
"snyk",
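Review bot: "Ragashree" and "Sergey" break the case-insensitive alphabetical order the rest of this list follows: the sequence reads "Razzak", "RBAC", "Rego", "Roadmap", "Ragashree" and "Sarbanes", "Sergey", "SAST". Move "Ragashree" above "Razzak" and "Sergey" below "semgrep" (next to "Shlomo") so that future additions and duplicate checks stay easy.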
Expand All @@ -134,6 +142,7 @@
"Syft",
"syscall",
"TAR",
"timeframe",
"TOCTOU",
"toolset",
"triage",
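Review bot: "timeframe" is a common noun rather than a project term, and allow-listing it exempts every future occurrence in the repository. If the checker flagged it because the dictionary form is "time frame", the better fix is the two-word spelling in the guide text, keeping this list to proper nouns and tool names such as the neighbouring "TOCTOU" and "toolset".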
Expand All @@ -151,6 +160,8 @@
"usecase",
"venv",
"Virtool",
"Wolt"
"Wolt",
"Yubi",
"Zalman"
]
}
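Review bot: "Yubi" looks like a fragment of "YubiKey" split on the case change rather than a word in its own right. If the checker splits camel-case tokens, allow-list the full product name "YubiKey" (or configure the checker not to split it) so that a genuinely misspelled "Yubi" elsewhere is still caught. The trailing comma added to "Wolt" is required for the new entries and keeps the JSON valid.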
16 changes: 8 additions & 8 deletions project-resources/security-hygiene-guide.md
Expand Up @@ -65,7 +65,7 @@ We recommend that any change to the repository should be introduced as part of a

### Issue template

Any ideas, bugs or enhancement suggestions reported to the project need to be tracked, and can then be discussed, triaged and prioritized/de-prioritized for implementation. GitHub Issues are one such avenue that allows tracking and managing ideas until they are brought to fruition. We recommend the following template for proposing changes to the project [CNCF TAG Security Project Resouces - Issue Template](/project-resources/templates/ISSUE_TEMPLATE.md).
Any ideas, bugs or enhancement suggestions reported to the project need to be tracked, and can then be discussed, triaged and prioritized/de-prioritized for implementation. GitHub Issues are one such avenue that allows tracking and managing ideas until they are brought to fruition. We recommend the following template for proposing changes to the project [CNCF TAG Security Project Resources - Issue Template](/project-resources/templates/ISSUE_TEMPLATE.md).

### Commit signing

Expand Down Expand Up @@ -104,13 +104,13 @@ Self-assessment dives into the following aspects of the project to understand th
7. Secure development practices
8. Resolving security issues

A template to perform the self assessment is available at [CNCF TAG Security Project Resouces - Self-assessment](/community/assessments/guide/self-assessment.md). All the assessments (self-assessment and joint assessment) conducted by TAG Security can be found at TAG Security GitHub repository. As an example, self assessments are available within the dedicated project folders at [Assessments folder of the CNCF TAG Security GitHub repository](/community/assessments/projects). Further sections (SECURITY.md in particular) in this document provide some of the pointers to address the gaps and create the necessary process & documentation.
A template to perform the self assessment is available at [CNCF TAG Security Project Resources - Self-assessment](/community/assessments/guide/self-assessment.md). All the assessments (self-assessment and joint assessment) conducted by TAG Security can be found at TAG Security GitHub repository. As an example, self assessments are available within the dedicated project folders at [Assessments folder of the CNCF TAG Security GitHub repository](/community/assessments/projects). Further sections (SECURITY.md in particular) in this document provide some of the pointers to address the gaps and create the necessary process & documentation.

## 3. SECURITY.md

Awareness and processes are a big part of enforcing security in any project. A SECURITY.md file in your repository should talk about the security considerations of the project, and the efforts undertaken to ensure that there are policies and processes in place to report vulnerabilities to the project maintainers, and for project maintainers to notify the community of the status of the vulnerabilities. It should also list the dedicated personnel responsible to address these vulnerabilities in a timely manner. In GitHub, the SECURITY.md file creates a security policy, and when someone creates an issue in your repository, they will see a link to your project's security policy. Further information regarding security policy is available at [GitHub Docs - Adding a security policy to your repository](https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository).

CNCF Technical Advisory Group for Security maintains a number of templates to assist projects in addressing these sections, which can be found at [CNCF TAG Security GitHub repository, under Project Resouces folder](/project-resources). A special thank you to Google's OSS vulnerability guide folks for making the Security TAG aware of this collection of resources upon which much of this content was built on.
CNCF Technical Advisory Group for Security maintains a number of templates to assist projects in addressing these sections, which can be found at [CNCF TAG Security GitHub repository, under Project resources folder](/project-resources). A special thank you to Google's OSS vulnerability guide folks for making the Security TAG aware of this collection of resources upon which much of this content was built on.

Disclaimer: These resources are designed to be helpful to projects and organizations, they require customization and configuration by the project intending to use them. It does not prevent security issues from being found in a project, will not automatically resolve them, and does not place CNCF Security TAG as the responsible party. If changes are made to these templates, projects are not required to pull in a new update.

Expand All @@ -120,7 +120,7 @@ This document is an outcome of the self-assessment which articulates all the mea

## 3.2 Security contacts

This document states who are the personnel to reach out to in case of any security questions regarding the project, including but not limited to the triaging and handling of incoming security issues or security reports. Security contacts could be external participants and are not limited to being the maintainers of the projects. A template for this document is available at [CNCF TAG Security Project Resouces - Security Contacts](/project-resources/templates/SECURITY_CONTACTS.md)
This document states who are the personnel to reach out to in case of any security questions regarding the project, including but not limited to the triaging and handling of incoming security issues or security reports. Security contacts could be external participants and are not limited to being the maintainers of the projects. A template for this document is available at [CNCF TAG Security Project resources - Security Contacts](/project-resources/templates/SECURITY_CONTACTS.md)

**NOTE**

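Review bot: the rewritten sentence still has no terminating period after the link "[CNCF TAG Security Project resources - Security Contacts](/project-resources/templates/SECURITY_CONTACTS.md)". Since the line is already being edited, end it with a full stop and use the same capitalization of "Project resources" as the other template links in this file.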
Expand All @@ -130,7 +130,7 @@ CNCF could help create a mailing address (through service desk ticket) should pr

Vulnerabilities are sensitive information and exposure of information regarding vulnerabilities without the availability of a patch generates unintended risk for all the consumers of this project, hence it should be handled with caution.

At a minimum, the vulnerability reporting policy projects should include is as follows, A template for this document is available at [CNCF TAG Security Project Resouces - Reporting a Vulnerability](/project-resources/templates/SECURITY.md#reporting-a-vulnerability):
At a minimum, the vulnerability reporting policy projects should include is as follows, A template for this document is available at [CNCF TAG Security Project resources - Reporting a Vulnerability](/project-resources/templates/SECURITY.md#reporting-a-vulnerability):

1. The medium to report vulnerabilities - Email, Web form etc.
2. Disclosure timeline
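Review bot: the comma splice on the changed line survives the spelling fix: "the vulnerability reporting policy projects should include is as follows, A template for this document is available at ..." should be two sentences ("... is as follows. A template ..."). As written, the colon after the link attaches the numbered list to the template sentence rather than to "as follows"; moving the template reference after the list would read more cleanly.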
Expand All @@ -152,7 +152,7 @@ The vulnerabilities reported to the project are then handled by the security poi
5. The consequences of any violations
6. Disclosure timeline

A template for this document is available at [CNCF TAG Security Project Resouces - Embargo Policy](/project-resources/templates/embargo-policy.md)
A template for this document is available at [CNCF TAG Security Project resources - Embargo Policy](/project-resources/templates/embargo-policy.md)

## 3.5 Security notifications

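Review bot: the rewritten line "A template for this document is available at [CNCF TAG Security Project resources - Embargo Policy](/project-resources/templates/embargo-policy.md)" lacks a closing period; add one while the line is being changed.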
Expand All @@ -168,7 +168,7 @@ The vulnerabilities may need to be reported to certain stakeholders, and for thi
8. Timeline of events associated with this notification
9. Any additional information relevant for this notification

A template for this notification is available at [CNCF TAG Security Project Resouces - Embargo](/project-resources/templates/embargo.md)
A template for this notification is available at [CNCF TAG Security Project resources - Embargo](/project-resources/templates/embargo.md)

## 4. Incident Response

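Review bot: the link text "Embargo" for embargo.md does not say what the template is, and it sits under the "Security notifications" heading in a sentence that calls it "a template for this notification". Since the line is being edited, a label such as "Security notification template" would tell the reader what they get, and the sentence also needs a terminating period.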
Expand All @@ -188,7 +188,7 @@ Incidence response primarily states how the vulnerability is triaged, replicated
1. If a CVE is already present, request the CVE
4. Patch publication and Notification

In addition to the above, you could also consider adding relevant timelines, including but not limited to third party disclosure timelines. A template for the incident management process is available at [CNCF TAG Security Project Resouces - Incident Response](/project-resources/templates/incident-response.md)
In addition to the above, you could also consider adding relevant timelines, including but not limited to third party disclosure timelines. A template for the incident management process is available at [CNCF TAG Security Project resources - Incident Response](/project-resources/templates/incident-response.md)

## 5. OpenSSF best practices badging

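Review bot: the context line "1. If a CVE is already present, request the CVE" reads as the opposite of what the step must mean (a CVE is requested when one has not yet been assigned); it is outside the changed line, but worth fixing while this paragraph is being edited. On the changed line, "third party disclosure timelines" should be hyphenated as a compound modifier ("third-party"), and the sentence needs a terminating period.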