Commit

docs: update based on feedback
Signed-off-by: Adam Talbot <[email protected]>
ThatsMrTalbot committed Mar 6, 2024
1 parent 5964509 commit 02f40cf
Showing 2 changed files with 13 additions and 9 deletions.
2 changes: 2 additions & 0 deletions .spelling
Expand Up @@ -654,8 +654,10 @@ v1.13.
v1.12.5
v1.12.6
v1.12.7
v1.12.8
v1.14.0
v1.14.x
v1.14.3
liveness
apiservices
arm64
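Review bot: v1.13.4 is referenced by the announcement text in the next file but is not among the entries this hunk adds to `.spelling` (only `v1.12.8` and `v1.14.3` are added); confirm it already sits in the `v1.13.` block that the hunk header shows as context, otherwise the spell check will flag it the same way it would have flagged the two versions added here.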
20 changes: 11 additions & 9 deletions content/announcements/2024-03-04-cert-manager-security-audit.md
Expand Up @@ -5,20 +5,22 @@ description: As part of our graduation processes cert-manager has completed a se
date: 03-04-2024
---

Between late 2023 and early 2024 the cert-manager project has undergone a security audit by the team at [Ada Logics](https://adalogics.com/). This is part of the ongoing [graduation of cert-manager](https://github.com/cncf/toc/pull/1212).
In late 2023 the cert-manager project began a security audit, sponsored by the [CNCF](https://www.cncf.io/) and carried out by the team at [Ada Logics](https://adalogics.com/), as part of the ongoing effort for cert-manager to [reach "graduated" status](https://github.com/cncf/toc/pull/1212) in the CNCF.

The goal of the engagement was to assess cert-managers code quality, its development and its release practices. The thread model was determined along with potential threat actors, the codebase was reviewed, dependencies were evaluated and the project was integrated into OSS-Fuzz.
The goal of the engagement was to assess cert-manager's code quality, along with checking its development and release practices and dependencies. In addition, the audit team integrated cert-manager into Google's [OSS-Fuzz](https://github.com/google/oss-fuzz) project to help catch bugs on an ongoing basis.

The threat model of cert-manager is built upon the existing threat model for acquiring certificates from issuers. However, the specific procedures for acquiring certificates as documented by external entities were not scrutinized in this audit.
The team evaluated threats from contributors to cert-manager or any of its dependencies, from users on the clusters where cert-manager is deployed and from external users in cases where cert-manager could process input from untrusted internet users.

Threat actors include contributors to cert-manager or any of its dependencies, users on the clusters where cert-manager is deployed and external users in cases where cert-manager is deployed in use cases that process input from untrusted internet users.
For a full breakdown of the threat model and actors, see the [full report](TODO).

For a full breakdown of the threat model and actors, see the [full report](TODO).

A total of 8 issues were raised as part of the audit, of which 5 were low severity, 2 were moderate severity and 1 was informational. All issues have been resolved as of cert-manager 1.12.8, v1.13.4 and 1.14.3.
A total of 8 issues were raised as part of the audit, of which 5 were low severity, 2 were moderate severity and 1 was informational. All issues have been resolved as of cert-manager v1.12.8, v1.13.4 and v1.14.3.

Dependencies of the cert-manager project were assessed using [OpenSSF Scorecard](https://github.com/ossf/scorecard). This is a process that scores repositories using several factors to build a picture of their maintenance status and suitability. Based on the results, three dependencies have been removed from cert-manager. The full findings and scoring for dependencies can be found on the [full report](TODO).

On top of assessing existing dependencies, the cert-manager team have [opened an issue](TODO) to investigate how we can implement a strategy for evaluating new dependencies as they arise.
We've [opened an issue](TODO) for implementing a strategy for evaluating new dependencies as they arise.

The cert-manager maintainer team would like to send a special thanks to the team at [Ada Logics](https://adalogics.com/) - in particular Adam Korczynski and David Korczynski - for completing this audit smoothly and professionally.

In addition, the project would of course like to thank the CNCF for their sponsorship of this audit, and [Venafi](https://venafi.com/) who sponsored maintainer time to respond to and fix the findings in the report.

Thanks to to team at [Ada Logics](https://adalogics.com/), in particular Adam Korczynski and David Korczynski for completing this audit, it was an all-round pleasant experience with no real hiccups. Also thanks to CNCF who facilitated this audit and are key to the ongoing support of cert-manager.
This security audit was the last major blocker for cert-manager's journey to graduation, and we'll be looking forward to working closely with the CNCF to try and achieve that goal in the coming months!
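Review bot: the announcement still ships placeholder links in this hunk: `[full report](TODO)` on the "For a full breakdown of the threat model and actors" line and again at the end of the OpenSSF Scorecard paragraph, and `[opened an issue](TODO)` in "We've [opened an issue](TODO) for implementing a strategy for evaluating new dependencies as they arise." Since the post carries a publication date in its front matter (`date: 03-04-2024`), these should be replaced with the real URLs before merge or the affected sentences held back until the report and issue are public. The rewrite also drops the sentence stating that the audit's threat model builds on the existing model for acquiring certificates from issuers and that the issuers' own documented procedures were out of scope; that scoping statement tells readers what the audit did not cover and could be kept next to the new "The team evaluated threats from contributors..." sentence. Minor: `date: 03-04-2024` reads as either 4 March or 3 April, while the filename uses `2024-03-04`; an ISO date would remove the ambiguity if the site's front matter accepts it.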
