@@ -116,8 +116,6 @@ If automateable vulnerability scanners are available the product shall satisfy t
-**[REQ-EXPLOIT-0c]** For each detected exploitable vulnerability, the product shall have the risk mitigated.
-**[REQ-EXPLOIT-0d]** The used vulnerability scanner shall be fit for the purpose in detail, method and depth.
<mark>[REQ-EXPLOIT-0d] assesment: document the type, version, etc. in the assesment. Let the MSA decide. Tangled with the SBOM immaturity.</mark>
Recognising that there may be vulnerabilities discovered between the time that a product is placed on the market and the time of that product's first use, and that the product should be free from known exploitable vulnerabilities both when first made available and when first used by the system user.
-**[REQ-EXPLOIT-1a]** The product shall be securely updated.