modify SLSA section

Signed-off-by: Adam Korczynski <[email protected]>

blog/docs/events/security-audit-2023.md

@@ -16,7 +16,7 @@ Ada Logics found 16 security issues of which all except for one have been fixed
 
 One CVE was assigned during the audit for a vulnerability that could allow an attacker with already escalated privileges to cause further damage in the cluster. The attacker needs to first establish a position in a Knative pod, and from there, they could exploit the vulnerability and cause denial of service of the Knative autoscaling, thereby denying any autoscaling of Knative. The issue was assigned CVE-2023-48713 of Moderate severity and has been fixed in v1.10.5, v1.12.0 and v1.11.3.
 
-The auditors recommend that Knative adopt the [slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator), an official SLSA-maintained project. slsa-github-generator ensures tamper-resistance of artifacts by producing verifiable provenance, thereby mitigating a series of known supply-chain risks, many of which have been exploited in the wild in recent years. 
+The auditors found that Knative does not include provenance with releases; Provenance is a critical component of complying with [SLSA](https://slsa.dev/)  and ensuring tamper resistance of release artifacts. Recently, the SLSA community released v1.9.0 of the [slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) which produces SLSA L3 compliant provenance. slsa-github-generator ensures tamper-resistance of artifacts by producing verifiable provenance, thereby mitigating a series of known supply-chain risks, many of which have been exploited in the wild in recent years. Ada Logics recommend that Knative switches its build to the slsa-github-generator to comply with SLSA L3.
 
 Knative would like to thank Ada Logics for conducting the security audit, OSTIF for facilitating it and the CNCF for funding the audit.