Tiny fix for 2024-03-15-password-reset-vulnerability.md.

_posts/2024-03-15-password-reset-vulnerability.md

@@ -9,7 +9,7 @@ Have you ever thrown actual spaghetti at a wall? It’s funny, sticky and barely
 
 Running a bug bounty program means a stream of incoming reports, not all of them correct, that must be reviewed. After receiving enough dire-sounding reports that ultimately lead nowhere, it can look like thrown spaghetti (a see-what-sticks approach). Though we try to give each report a thorough, unbiased evaluation, it’s difficult to keep an open mind about any given report.
 
-Dead-end reports cost the RubyGems security team time, and slow down our ability to address more urgent security issues. I once spent days working on a vulnerability and the result was “clicking that checkbox in BurpSuite invalidates this approach.”
+Dead-end reports cost the RubyGems security team time, and slow down our ability to address more urgent security issues. I once spent days working on a vulnerability and the result was: _clicking that checkbox in BurpSuite invalidates this approach._
 
 But sometimes a hacker finds a very real security issue. This is a story about a recent bug report that I almost closed, assuming it was another false alarm, and how I realized I was wrong.