diff --git a/2017/A10_2017-Insufficient_Logging%26Monitoring.md b/2017/A10_2017-Insufficient_Logging%26Monitoring.md
index a35fb80..6e85ff0 100644
--- a/2017/A10_2017-Insufficient_Logging%26Monitoring.md
+++ b/2017/A10_2017-Insufficient_Logging%26Monitoring.md
@@ -35,7 +35,7 @@ In 2016, identifying a breach took an [average of 191 days](https://www-01.ibm.c
 
 {%- include t10_subsection_begin.html -%}
 {%- include t10_subsection.html token="isTheApplicationVulnerable" pos="firstLeft" -%}
-Insufficient logging, detection, monitoring and active response occurs any time:<br>
+Insufficient logging, detection, monitoring and active response never occurs:<br>
 * Auditable events, such as logins, failed logins, and high-value transactions are not logged.<br>
 * Warnings and errors generate no, inadequate, or unclear log messages.<br>
 * Logs of applications and APIs are not monitored for suspicious activity.<br>
@@ -73,4 +73,4 @@ There are commercial and open source application protection frameworks such as [
 **External**<br>
 * [CWE-223: Omission of Security-relevant Information](https://cwe.mitre.org/data/definitions/223.html)<br>
 * [CWE-778: Insufficient Logging](https://cwe.mitre.org/data/definitions/778.html)
-{% include t10_subsection_end.html %}
\ No newline at end of file
+{% include t10_subsection_end.html %}