@@ -110,8 +110,7 @@ Note that a container has always an operating system.
If automateable vulnerability scanners are available the product shall satisfy the following with respect to the most comprehensive of such scanners.
-**[REQ-EXPLOIT-0a]** The product shall have no vulnerabilities discovered by scans.
-**[REQ-EXPLOIT-0b]** The product shall have only discoverable vulnerabilities whose age is consistent with how long vulnerabilities may go unfixed after public disclosure.
-**[REQ-EXPLOIT-0a]** The product shall have no known exploitable vulnerabilities discovered by scans.
-**[REQ-EXPLOIT-0c]** For each detected exploitable vulnerability, the product shall have the risk mitigated.
-**[REQ-EXPLOIT-0d]** The used vulnerability scanner shall be fit for the purpose in detail, method and depth.