From e7350394b9bd54bd8f5b427775e007f13fc56ba4 Mon Sep 17 00:00:00 2001 From: Chris Chinchilla Date: Wed, 26 Apr 2023 16:10:51 +0200 Subject: [PATCH] Clarify Signed-off-by: Chris Chinchilla --- scout/advisory-db-sources.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scout/advisory-db-sources.md b/scout/advisory-db-sources.md index 94b5c48e69..fd1f3c2eec 100644 --- a/scout/advisory-db-sources.md +++ b/scout/advisory-db-sources.md @@ -70,9 +70,9 @@ Artifactory](https://docs.docker.com/scout/artifactory/). Many other tools use fuzzy [Common Product Enumeration (CPE)](https://en.wikipedia.org/wiki/Common_Platform_Enumeration) matching with -wild cards to attempt to match potential vulnerabilities in packages and -operating systems. This can return a lot of false positives which you need to -triage. +wild cards to known vulnerabilities with the versions of software packages they affect. +This can return a lot of false positives which you need to triage. + The typical structure of a CPE match looks like this:
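Review bot: The first added line drops the verb, so the sentence now reads "matching with wild cards to known vulnerabilities with the versions of software packages they affect", which does not parse. The removed text had "to attempt to match"; something like "wild cards to match known vulnerabilities with the versions of software packages they affect" would keep the intended meaning. That line is also noticeably longer than the wrapped lines around it, so re-wrap it to the file's line width. The third added line is empty; if a blank line already separates this paragraph from "The typical structure of a CPE match looks like this:", the result is a double blank line and the addition can be dropped. While this paragraph is being touched, the link text in the context lines says "Common Product Enumeration" but the URL points to Common_Platform_Enumeration, so the link text should say "Platform". The subject "Clarify" does not say what is being clarified; naming the CPE matching paragraph would make the history easier to search.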