@@ -94,7 +94,7 @@ The product shall be tested for all known exploitable vulnerabilities to demonst
#### 5.2.2.6 MI-SCAN: No easily scannable known exploitable vulnerabilities
If automatable and freely-usable vulnerability scanners are available for the product, then the product shall satisfy the following with respect to the three (or fewer, if fewer than three are available) most comprehensive of such scanners:
If automatable vulnerability scanners are available for the product, then the product shall satisfy the following with respect to the three (or fewer, if fewer than three are available) most comprehensive of such scanners:
1. has no vulnerabilities discovered by scans
1. has discoverable exploitable vulnerabilities whose age is consistent with the specification of how long vulnerabilities may go unfixed after public disclosure, as described in the vulnerability handling procedure for the product
