Note that rulesets can also enforce review

docs/Concise-Guide-for-Developing-More-Secure-Software.md

@@ -13,7 +13,7 @@ Here is a concise guide for all software developers for secure software developm
 7. **Monitor known vulnerabilities in your software’s direct & indirect dependencies**. E.g., enable basic scanning via GitHub's [dependabot](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates) or GitLab [dependency scanning](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/). Many other third party Software Composition Analysis (SCA) tools are also available. Quickly update vulnerable dependencies.
 8. **Keep dependencies reasonably up-to-date**. Otherwise, it’s hard to update for vulnerabilities.
 9. **Do not push secrets to a repository**. Use tools to detect pushing secrets to a repository.
-10. **Review before accepting changes**. Enforce it, e.g., [GitHub](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches) or [GitLab](https://docs.gitlab.com/ee/user/project/protected_branches.html) protected branches.
+10. **Review before accepting changes**. Enforce this, e.g., using [GitHub](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches) or [GitLab](https://docs.gitlab.com/ee/user/project/protected_branches.html) protected branches or an equivalent [GitHub ruleset](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets).
 11. **Prominently document how to report vulnerabilities & prepare for them**.
     - Use resources like the [Guide to coordinated vulnerability disclosure](https://github.com/ossf/oss-vulnerability-guide).
     - [Explicitly disclose security issues affecting vendored dependencies](Vendored-Dependencies-Guide.md).