From 643d21c3e7ea3f694344bda2688e9b44c62cc7ac Mon Sep 17 00:00:00 2001 From: Kevin Shell Date: Thu, 14 Nov 2024 12:07:36 -0600 Subject: [PATCH 1/2] depdencies -> dependencies --- cheatsheets/Software_Supply_Chain_Security_Cheat_Sheet.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cheatsheets/Software_Supply_Chain_Security_Cheat_Sheet.md b/cheatsheets/Software_Supply_Chain_Security_Cheat_Sheet.md index a2b560ed59..400ef64551 100644 --- a/cheatsheets/Software_Supply_Chain_Security_Cheat_Sheet.md +++ b/cheatsheets/Software_Supply_Chain_Security_Cheat_Sheet.md 
@@ -92,7 +92,7 @@ Due to its transparent nature, open-source projects offer additional assessment While third-party software dependencies can greatly accelerate the development process, they are also one of the leading risks associated with modern applications. Dependencies must not only be carefully selected before they are incorporated into an application, but also carefully monitored and maintained throughout the SDLC. In order achieve this, having insight into the various dependencies consumed by software is a crucial first step. To facilitate this, SBOMs may be used. Both production and consumption of these SBOMs should be automated, preferably as part of the organization's CI/CD process. -Once the organization has inventoried depdencies, it must also monitor them for known vulnerabilities. This should also be automated as much as possible; tools such as [OWASP Dependency Check](https://owasp.org/www-project-dependency-check/) or [retire.js](https://retirejs.github.io/retire.js/) can assist in this process. Additionally, sources such as the [NVD](https://nvd.nist.gov/), [OSVDB](https://osv.dev/list), or [CISA KEV catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) may also be monitored for known vulnerabilities related to dependencies used in the organization's SSC. +Once the organization has inventoried dependencies, it must also monitor them for known vulnerabilities. This should also be automated as much as possible; tools such as [OWASP Dependency Check](https://owasp.org/www-project-dependency-check/) or [retire.js](https://retirejs.github.io/retire.js/) can assist in this process. Additionally, sources such as the [NVD](https://nvd.nist.gov/), [OSVDB](https://osv.dev/list), or [CISA KEV catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) may also be monitored for known vulnerabilities related to dependencies used in the organization's SSC. #### SAST 
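Review bot: the changed line fixes "depdencies", but the unchanged context line just above it still reads "In order achieve this" (missing "to": "In order to achieve this"); since this commit is a typo fix, fold that correction in as well. Separately, the link labelled "[OSVDB](https://osv.dev/list)" on the changed line points at osv.dev, which is the OSV (Open Source Vulnerabilities) database, not OSVDB (the defunct Open Sourced Vulnerability Database); the label should be "OSV" so readers are not pointed at the wrong vulnerability source by name.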
From 733b98db70f4d282df15da97927981d625b333d3 Mon Sep 17 00:00:00 2001 From: Kevin Shell Date: Thu, 14 Nov 2024 12:07:59 -0600 Subject: [PATCH 2/2] Solarwind -> SolarWinds --- cheatsheets/Software_Supply_Chain_Security_Cheat_Sheet.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cheatsheets/Software_Supply_Chain_Security_Cheat_Sheet.md b/cheatsheets/Software_Supply_Chain_Security_Cheat_Sheet.md index 400ef64551..54167893bc 100644 --- a/cheatsheets/Software_Supply_Chain_Security_Cheat_Sheet.md +++ b/cheatsheets/Software_Supply_Chain_Security_Cheat_Sheet.md 
@@ -26,7 +26,7 @@ Given the breadth and complexity of the SSC, it is unsurprising that the threat The characteristics of threat actors seeking exploit the SSC are similarly diverse. Although SSC compromise is often associated with highly sophisticated threat actors, such sophistication is not inherently necessary for attacking the SSC, especially if the attack focuses on compromising the SSC of entities with poor security practices. Threat actor motive also varies widely, A SSC exploit can result in loss of confidentiality, integrity, and/or availability of any organization's assets and thus fulfill a wide range of attacker goals such as espionage or financial gain. -Finally, it must be recognized that many SSC threats have the capability to propagate across many entities. This is due to consumer-supplier relationship that is integral to an SSC. For example, uf a large-scale software supplier, whether proprietary or open-source, is compromised, many downstream, consuming entities could also be impacted as a result. The 2020 Solarwind and 2021 Codecov incidents are excellent real-world examples of this. +Finally, it must be recognized that many SSC threats have the capability to propagate across many entities. This is due to consumer-supplier relationship that is integral to an SSC. For example, uf a large-scale software supplier, whether proprietary or open-source, is compromised, many downstream, consuming entities could also be impacted as a result. The 2020 SolarWinds and 2021 Codecov incidents are excellent real-world examples of this. ## Mitigations and Security Best Practices
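Review bot: the added "+" line still carries two typos on the same sentence it edits: "uf a large-scale software supplier" should be "if", and "due to consumer-supplier relationship" is missing "the" ("due to the consumer-supplier relationship"); correct both here rather than leaving them for another pass. The unchanged context line above also has "threat actors seeking exploit the SSC" (missing "to": "seeking to exploit") and "varies widely, A SSC exploit" (a comma splice, and "An SSC" before a vowel sound), which would fit the same "spelling and grammar" commit.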