Apply suggestions from code review
Co-authored-by: lena-larionova <54370747+lena-larionova@users.noreply.github.com>
johnharris85 and lena-larionova authored Oct 29, 2024
1 parent 1041f3f commit a235e58
Showing 1 changed file with 12 additions and 10 deletions.
22 changes: 12 additions & 10 deletions app/_src/mesh/vulnerability-patching-process.md
Expand Up @@ -3,18 +3,20 @@ title: Vulnerability Patching Process
badge: enterprise
---

{{site.mesh_product_name}} is primarily delivered as [binary files](/mesh/{{page.release}}/install) installable artifacts. Kong also offers Docker images with the artifacts preinstalled as a convenience to customers. At the time of release, all artifacts and images are patched, scanned and are free of publicly-known vulnerabilities.
{{site.mesh_product_name}} is primarily delivered as [binary file](/mesh/{{page.release}}/install) artifacts. Kong also offers Docker images with the artifacts preinstalled as a convenience to customers. At the time of release, all artifacts and images are patched, scanned, and are free of publicly-known vulnerabilities.

## Types of Vulnerabilities
## Types of vulnerabilities

Generally, there may be three types of vulnerabilities:
* In {{site.mesh_product_name}} code
* In third-party code that {{site.mesh_product_name}} directly links (such as Envoy, CoreDNS, OPA, etc)
* In third-party code that is part of the convenience Docker image (such as Python, Perl, cURL, etc). This code is not part of {{site.mesh_product_name}}.
* In {{site.mesh_product_name}} code.
* In third-party code that {{site.mesh_product_name}} directly links (such as Envoy, CoreDNS, OPA, and so on).
* In third-party code that is part of the convenience Docker image (such as Python, Perl, cURL, and so on). This code is not part of {{site.mesh_product_name}}.

Vulnerabilities reported in {{site.mesh_product_name}} code will be assessed by Kong and if the vulnerability is validated, a CVSS3.0 score will be assigned. Based on the CVSS score, Kong will aim to produce patches for all applicable {{site.mesh_product_name}} versions currently under support within the SLAs below. The SLA clock starts from the day the CVSS score is assigned.
Vulnerabilities reported in {{site.mesh_product_name}} code will be assessed by Kong. If the vulnerability is validated, a CVSS3.0 score will be assigned. Based on the CVSS score, Kong will aim to produce patches for all applicable {{site.mesh_product_name}} versions currently under support within the SLAs below. The SLA clock starts from the day the CVSS score is assigned.

For a CVSS 3.0 Critical vulnerability (CVSS > 9.0), Kong will provide a workaround/recommendation as soon as possible. This will take the shape of a configuration change recommendation, if available. If there is no workaround/recommendation readily available, Kong will use continuous efforts to develop one. For a CVSS <9.0, Kong will use commercially-reasonable efforts to provide a workaround or patch within the applicable SLA period.
For a CVSS 3.0 Critical vulnerability (CVSS > 9.0), Kong will provide a workaround or recommendation as soon as possible. This will take the shape of a configuration change recommendation, if available. If there is no workaround or recommendation readily available, Kong will use continuous efforts to develop one.

For a CVSS < 9.0, Kong will use commercially-reasonable efforts to provide a workaround or patch within the applicable SLA period.

| CVSS 3.0 Criticality | CVSS 3.0 Score | SLA |
|---|---|---|
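Review bot: the Critical threshold "CVSS > 9.0" in the first paragraph and "CVSS < 9.0" in the new split-off paragraph together leave a score of exactly 9.0 covered by neither sentence; since the table uses inclusive ranges (e.g. "0.1 - 3.9"), suggest "CVSS >= 9.0" for Critical and keep "CVSS < 9.0" for the rest so the prose matches the table boundaries. Also, "CVSS3.0 score" in the assessment paragraph is still unspaced while the rest of the hunk writes "CVSS 3.0"; the rewording pass is a good moment to normalise it.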
Expand All @@ -24,7 +26,7 @@ For a CVSS 3.0 Critical vulnerability (CVSS > 9.0), Kong will provide a workarou
| Low | 0.1 - 3.9 | 180 days |


Vulnerabilities reported in third party-code that {{site.mesh_product_name}} links directly must have confirmed CVE numbers assigned. Kong will aim to produce patches for all applicable {{site.mesh_product_name}} versions currently under support within the SLA reproduced in the table below. The SLA clock for these vulnerabilities starts from the day the upstream (third party) announces availability of patches.
Vulnerabilities reported in third-party code that {{site.mesh_product_name}} links directly must have confirmed CVE numbers assigned. Kong will aim to produce patches for all applicable {{site.mesh_product_name}} versions currently under support within the SLA reproduced in the table below. The SLA clock for these vulnerabilities starts from the day the upstream (third party) announces availability of patches.

| CVSS 3.0 Criticality | CVSS 3.0 Score | SLA |
|---|---|---|
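Review bot: this second table has the same header and the same "Low | 0.1 - 3.9 | 180 days" row as the table in the previous section, so "within the SLA reproduced in the table below" duplicates content that can drift on future edits; consider referencing the single table above and keeping only the sentence that actually differs here, namely that the SLA clock starts when the upstream third party announces patch availability rather than when a CVSS score is assigned. The hyphenation fix ("third-party code") is correct.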
Expand All @@ -34,9 +36,9 @@ Vulnerabilities reported in third party-code that {{site.mesh_product_name}} lin
| Low | 0.1 - 3.9 | 180 days |


Vulnerabilities reported in third-party code that is part of the convenience Docker images are only addressed by Kong as part of the regularly scheduled release process. These vulnerabilities are not exploitable during normal {{site.mesh_product_name}} operations. Kong always applies all available patches when releasing a Docker image, but by definition images accrue vulnerabilities over time. All customers using containers are strongly urged to generate their own images using their secure corporate approved base images. Customers wishing to use the convenience images from Kong should always apply the latest patches for their Gateway version to receive the latest patched container images. Kong does not undertake to address third-party vulnerabilities in convenience images outside of the scheduled release mechanism.
Vulnerabilities reported in third-party code that is part of the convenience Docker images are only addressed by Kong as part of the regularly scheduled release process. These vulnerabilities are not exploitable during normal {{site.mesh_product_name}} operations. Kong always applies all available patches when releasing a Docker image, but by definition images accrue vulnerabilities over time. All customers using containers are strongly urged to generate their own images using their secure corporate-approved base images. Customers wishing to use the convenience images from Kong should always apply the latest patches for their Gateway version to receive the latest patched container images. Kong does not undertake to address third-party vulnerabilities in convenience images outside of the scheduled release mechanism.

## Reporting Vulnerabilities in Kong code
## Reporting vulnerabilities in Kong code

If you are reporting a vulnerability in Kong code, we request you to follow the instructions in the [Kong Vulnerability Disclosure Program](https://konghq.com/compliance/bug-bounty).
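Review bot: "apply the latest patches for their Gateway version" in the convenience-image paragraph reads as a carry-over from the Gateway docs; this file lives under app/_src/mesh and every other sentence uses {{site.mesh_product_name}}, so it should be "for their {{site.mesh_product_name}} version". Secondary: "These vulnerabilities are not exploitable during normal {{site.mesh_product_name}} operations" is a categorical statement about vulnerabilities not yet known; "are not expected to be exploitable" would be the defensible wording, in line with the "commercially-reasonable efforts" language used earlier in the file.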
