Commit d3f10e16 authored by Santeri Toikka's avatar Santeri Toikka
Browse files

Removed section 5.1.2

Closes #97 HAS36
parent 81a65fe1
Loading
Loading
Loading
Loading
+2 −4
Original line number Diff line number Diff line
@@ -114,6 +114,8 @@ If automateable and freely-usable vulnerability scanners are available the produ

Recognising that there may be vulnerabilities discovered between the time that a product is placed on the market and the time of that product's first use, and that the product should be free from known vulnerabilities both when first made available and when first used by a consumer.

<mark>Turn this into product specific requirement without the docs</mark>

-   **[REQ-EXPLOIT-1a]** The product shall be accompanied by documentation describing how the product may be securely updated,
-   **[REQ-EXPLOIT-1b]** including how to update the product prior to, or as part of, first use.
-   **[REQ-EXPLOIT-2]** The product shall have OS and Application upgrade instructions which makes it possible to obtain the set High Availability targets.
@@ -121,10 +123,6 @@ Recognising that there may be vulnerabilities discovered between the time that a

More about [High Availability](#53x-high-availability) in its dedicated chapter.

### 5.1.2 Secure design, development and production

This document will make normative reference to prEN 40000-1-2 "Principles for cyber resilience" [\[i.15\]](#_ref_i.15), when available.

### 5.1.3 Product vulnerability management process

This document normatively references EN 40000-1-3 "Vulnerability Handling"[\[2\]](#_ref_2) and doesn't currently add to the specified definitions.