Update security.md

dotnet · Sep 12, 2024 · 3c6cf30 · 3c6cf30
1 parent 790f02b
commit 3c6cf30
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/docs/core/deploying/native-aot/security.md b/docs/core/deploying/native-aot/security.md
@@ -16,11 +16,11 @@ Since native AOT generates all code at the time of publishing the app, no new ex
 
 ## Restricted reflection surface
 
-When apps are published with native AOT, the compiler analyzes the usage of reflection within the app. Only the program elements that were deemed to be targets of reflection are available for reflection at run time. Places within the program that attempt to do unconstrained reflection get flagged using [trimming warnings](../trimming/fixing-warnings.md). Program elements that were not intended to be targets of reflection cannot be reflected on. This can prevent a class of issues where a malicious actor gets in control of what the program reflects on and invokes unintended code.
+When apps are published with native AOT, the compiler analyzes the usage of reflection within the app. Only the program elements that were deemed to be targets of reflection are available for reflection at run time. Places within the program that attempt to do unconstrained reflection get flagged using [trimming warnings](../trimming/fixing-warnings.md). Program elements that were not intended to be targets of reflection cannot be reflected on. This can prevent a class of issues where a malicious actor gets in control of what the program reflects on and invokes unintended code. This includes approaches that use `Assembly.LoadFrom` or `Reflection.Emit` - neither of those work with native AOT and their use gets flagged with a warning at build time.
 
 ## Control Flow Guard
 
-[Control Flow Guard](/windows/win32/secbp/control-flow-guard) is a highly-optimized platform security feature that was created to combat memory corruption vulnerabilities. By placing tight restrictions on where an application can execute code from, it makes it much harder for exploits to execute arbitrary code through vulnerabilities such as buffer overflows.
+[Control Flow Guard](/windows/win32/secbp/control-flow-guard) is a highly-optimized platform security feature on Windows that was created to combat memory corruption vulnerabilities. By placing tight restrictions on where an application can execute code from, it makes it much harder for exploits to execute arbitrary code through vulnerabilities such as buffer overflows.
 
 To enable Control Flow Guard on you native AOT app set the `ControlFlowGuard` property in the published project.