Merge branch 'security' of https://github.com/0xPolygon/polygon-docs into security

Author: CvH

docs/security/hr.md

@@ -1,15 +1,15 @@
 Polygon supports onboarding and offboarding employees by following a process that begins with each employee receiving a preconfigured laptop that auto enrolls in one of our Mobile Device Management (MDM) systems. MDM supports control of application usage and enforces security policy requirements on approved operating system versions and patch requirements. User access to shared services and Polygon approved SaaS tools is secured by providing the least amount of privileges required for an employee to perform their tasks. Privileges are role based and given to each employee based on the functional team they are assigned to.   
 
-Polygon uses single sign-on technologies to automate the administration of user access and permissions across all of our SaaS tools. Automating the provisioning and removal of users' access privileges limits the risk of human error and supports efficient auditing procedures.
+Polygon uses single sign-on technologies to automate the administration of user access and permissions across all its SaaS tools. Automating the provisioning and removal of users' access privileges limits the risk of human error and supports efficient auditing procedures.
 
 When an employee exits the company, HR changes their status in our HRIS system, automatically removing their access to our SSO integrated SaaS platforms, and IT is immediately notified to initiate the wipe and recovery of their corporate system.  
 
 ## Security awareness training
 
-Polygon utilizes a SaaS platform to provide an integrated approach to email and security awareness training for all of our employees. All employees are required to pass the training during their first weeks of employment. The key features of the platform are:
+Polygon uses a SaaS platform to provide an integrated approach to email and security awareness training for all of our employees. All employees are required to pass the training during their first weeks of employment. The key features of the platform are:
 
-- Industry-specific modules: Reinforce critical concepts mapped to key industry standards and security frameworks, including ISO, NIST, PCI DSS, GDPR, and HIPAA
-- Real-world assessment:  Safely test employees on real-world threats with de-weaponized phishing attacks
-- Comprehensive reporting: Track primary indicators of risk across the awareness training platform and take remedial action with easily discernible user risk scores
-- Integrated risk insight: Leverage real-world click behavior to identify high risk users
-- Effortless administration: 12-month programs with rapid deployment
+- Industry-specific modules: Reinforce critical concepts mapped to key industry standards and security frameworks, including ISO, NIST, PCI DSS, GDPR, and HIPAA.
+- Real-world assessment:  Safely test employees on real-world threats with de-weaponized phishing attacks.
+- Comprehensive reporting: Track primary indicators of risk across the awareness training platform and take remedial action with easily discernible user risk scores.
+- Integrated risk insight: Leverage real-world click behavior to identify high risk users.
+- Effortless administration: 12-month programs with rapid deployment.

docs/security/infrastructure.md

@@ -1,6 +1,6 @@
 ## Polygon bridge security
 
-Polygon develops and maintains bridges to transfer assets to-and-from the Ethereum blockchain for both the Polygon PoS network and Polygon zkEVM scaling solution. These bridges implement a lock-and-mint architecture which results in assets being controlled (locked) by the bridge smart contract implementations. As the aggregate value of locked assets on Polygon bridges is significant, we apply a corresponding focus on bridge security. Much of the security efforts documented here are rigorously applied to bridge security, including risk management, secure software development practices, auditing, vulnerability management, CI/CI and bug bounties. We leverate dedicated on-chain bridge monitoring.
+Polygon develops and maintains bridges to transfer assets to-and-from the Ethereum blockchain for both the Polygon PoS network and Polygon zkEVM scaling solution. These bridges implement a lock-and-mint architecture which results in assets being controlled (locked) by the bridge smart contract implementations. As the aggregate value of locked assets on Polygon bridges is significant, we apply a corresponding focus on bridge security. Much of the security efforts documented here are rigorously applied to bridge security; including risk management, secure software development practices, auditing, vulnerability management, CI/CI and bug bounties. We use dedicated on-chain bridge monitoring.
 
 ## Bridge monitoring