@@ -64,7 +64,7 @@ The product shall implement automatic secure update by default before or during
#### 5.2.2.4 MI-KEVM: Documentation of mitigation of known exploitable vulnerabilities
The product's development and release process shall include a process to document known exploitable vulnerabilities in the product and their fixes or mitigations. The documentation for this process shall conform with the process described in prEN 40000-1-3: "Cybersecurity requirements for products with digital elements – Vulnerability Handling" [\[2\]](#_ref_2). The product shall be compliant with this requirement if it:
The product's development and release process shall include a process to document known exploitable vulnerabilities in the product and their fixes or mitigations. The documentation for this process shall conform with the process described in prEN 40000-1-3: "Cybersecurity requirements for products with digital elements – Vulnerability Handling" [\[2\]](#_ref_2). The product is deemed to be compliant with this requirement if it:
1. has no known exploitable vulnerabilities
1. has known exploitable vulnerabilities whose age is consistent with the specification of how long vulnerabilities may go unfixed after public disclosure, as described in the vulnerability handling procedure for the product
