others to use. This made running and installing the application trivially
easy. Running the application made us understand the outline and components of
the application. We could also find some spots were easy to find vulnerabilities
-could be expected. However, looking at the source code was more effective.
+could be expected. However, looking at the source code was more effective,
+especially when verifying that the CMS \emph{passes} a requirement. Buggy code
+is easy to find, bugless code is not.
We have chosen to split the work by category of security requirements in
the OWASP Application Security Verification Standard. We set the goal to perform
the CMS turned out to not satisfy the ASVS in most cases.
% Use of Fortify
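Review bot: the new closing sentence "Buggy code is easy to find, bugless code is not." is a comma splice; in the same hunk, "especially when verifying that the CMS \emph{passes} a requirement" is the actual point of the change, so consider tightening it to "Buggy code is easy to find; bugless code is not." or joining the two with "whereas" so the contrast reads as one clause rather than two fused sentences.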
-Because we were early on track, most of the audit was already done by when we
+Because we were on track early, most of the audit was already done by when we
were introduced to the Fortify tool. Nonetheless, we used it to verify our own
verdicts. Some of us have installed and used the Fortify tool itself. These
students have exported a PDF report, which the others could then use.
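Review bot: the reordering to "Because we were on track early" fixes the first half of the sentence but leaves "most of the audit was already done by when we were introduced to the Fortify tool" ungrammatical; "by the time we were introduced to the Fortify tool" is the idiomatic form. While touching this line, the following sentence "Nonetheless, we used it to verify our own verdicts" would read more clearly as "Nonetheless, we used it to cross-check our own verdicts", since the tool's output was used as a second opinion rather than as proof.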