@@ -102,7 +102,7 @@ System operation is always an interplay of multiple components. Modern software
[4.10.1 External security functions, not in scope of the present document]:#4101-external-security-functions-not-in-scope-of-the-present-document
### 5.1.1 No known exploited vulnerabilities
### 5.1.1 No known exploitable vulnerabilities
If the deliverable contains or requires an operating system the operating system is expected to be regularly updated and maintained. Depending on the chosen delivery method, the maintenance of the operating system can be provided by the customer of the product. Note that a container has always an operating system.
@@ -117,7 +117,7 @@ Recognising that there may be vulnerabilities discovered between the time that a
-**[REQ-EXPLOIT-1a]** The product shall be accompanied by documentation describing how the product may be securely updated,
-**[REQ-EXPLOIT-1b]** including how to update the product prior to, or as part of, first use.
-**[REQ-EXPLOIT-2]** The product shall have OS and Application upgrade instructions which makes it possible to obtain the set High Availability targets.
-**[REQ-EXPLOIT-3]** The product shall ensure that the product can be updated at the time of first use to address all known exploited vulnerabilities which were discovered after the product's placement on the market and before that first use.
-**[REQ-EXPLOIT-3]** The product shall ensure that the product can be updated at the time of first use to address all known exploitable vulnerabilities which were discovered after the product's placement on the market and before that first use.
More about [High Availability](#53x-high-availability) in its dedicated chapter.