Add a missing parenthesis
Signed-off-by: David A. Wheeler <[email protected]>
david-a-wheeler committed Dec 3, 2024
1 parent a7f2313 commit 5e13786
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion docs/Concise-Guide-for-Developing-More-Secure-Software.md
Expand Up @@ -7,7 +7,7 @@ Here is a concise guide for all software developers for secure software developm
1. **Ensure all privileged developers use** [**multi-factor authentication (MFA) tokens**](https://github.com/ossf/great-mfa-project/blob/main/guide/token-usage-guide.md#readme). This includes those with commit or accept privileges. MFA hinders attackers from “taking over” these accounts.
2. **Learn about secure software development.** Take, e.g., the [free OpenSSF course](https://openssf.org/training/courses/) or the hands-on [Security Knowledge Framework](https://www.securityknowledgeframework.org/) course. [SAFECode’s Fundamental Practices](https://safecode.org/wp-content/uploads/2018/03/SAFECode_Fundamental_Practices_for_Secure_Software_Development_March_2018.pdf) [for Secure Software Development](https://safecode.org/wp-content/uploads/2018/03/SAFECode_Fundamental_Practices_for_Secure_Software_Development_March_2018.pdf) provides a helpful summary.
3. **Use a combination of tools in your CI pipeline to detect vulnerabilities**. See the [OpenSSF guide to security tools](https://github.com/ossf/wg-security-tooling/blob/main/guide.md#readme). Tools shouldn’t be the _only_ mechanism, but they scale.
4. **Evaluate software before selecting it as a direct dependency**. Only add it if needed, evaluate it (see [Concise Guide for Evaluating Open Source Software](https://best.openssf.org/Concise-Guide-for-Evaluating-Open-Source-Software), double-check its name (to counter typosquatting), and ensure it’s retrieved from the correct repository.
4. **Evaluate software before selecting it as a direct dependency**. Only add it if needed, evaluate it (see [Concise Guide for Evaluating Open Source Software](https://best.openssf.org/Concise-Guide-for-Evaluating-Open-Source-Software)), double-check its name (to counter typosquatting), and ensure it’s retrieved from the correct repository.
5. **Use package managers**. Use package managers (system, language-level, and/or container-level) to automatically manage dependencies and enable rapid updates.
6. **Implement automated tests**. Include negative tests (tests that what shouldn’t happen doesn’t happen) and ensure the test suite is thorough enough to “ship if it passes the tests”.
7. **Monitor known vulnerabilities in your software’s direct & indirect dependencies**. E.g., enable basic scanning via GitHub's [dependabot](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates) or GitLab [dependency scanning](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/). Many other third party Software Composition Analysis (SCA) tools are also available. Quickly update vulnerable dependencies.
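Review bot: The added `))` in item 4 is correct and complete: the first `)` closes the markdown link target `(https://best.openssf.org/Concise-Guide-for-Evaluating-Open-Source-Software)` and the second closes the enclosing parenthetical `(see ...)`, which the removed line left open so the rest of the sentence rendered inside the link's parenthetical. Nothing else in the hunk needs to change for this fix; the only nit in the surrounding context is "third party" in item 7, which reads better hyphenated as "third-party Software Composition Analysis (SCA) tools", but that is out of scope for a one-character commit.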