@@ -114,6 +114,8 @@ If automateable and freely-usable vulnerability scanners are available the produ
Recognising that there may be vulnerabilities discovered between the time that a product is placed on the market and the time of that product's first use, and that the product should be free from known vulnerabilities both when first made available and when first used by a consumer.
<mark>Turn this into product specific requirement without the docs</mark>
-**[REQ-EXPLOIT-1a]** The product shall be accompanied by documentation describing how the product may be securely updated,
-**[REQ-EXPLOIT-1b]** including how to update the product prior to, or as part of, first use.
-**[REQ-EXPLOIT-2]** The product shall have OS and Application upgrade instructions which makes it possible to obtain the set High Availability targets.
@@ -121,10 +123,6 @@ Recognising that there may be vulnerabilities discovered between the time that a
More about [High Availability](#53x-high-availability) in its dedicated chapter.
### 5.1.2 Secure design, development and production
This document will make normative reference to prEN 40000-1-2 "Principles for cyber resilience" [\[i.15\]](#_ref_i.15), when available.
### 5.1.3 Product vulnerability management process
This document normatively references EN 40000-1-3 "Vulnerability Handling"[\[2\]](#_ref_2) and doesn't currently add to the specified definitions.