@@ -643,9 +643,9 @@ Recommendation: Therefore, manufacturers of operating systems which are intended
**[RF-SOFT]:** Manufacturers of operating systems may implement protective measures, such as hardening the system against loss of integrity (caused by existing interfaces or unknown flaws), to mitigate memory safety based threats to the device.
*PHYS-0: only used in environments without untrusted code and no processing of external inputs
*PHYS-1: may be incidentally exposed to untrusted software or external inputs
*PHYS-2: used primarily to run untrusted software or process external inputs
*SOFT-0: only used in environments without untrusted code and no processing of external inputs
*SOFT-1: may be incidentally exposed to untrusted software or external inputs
*SOFT-2: used primarily to run untrusted software or process external inputs
FIXME this may be a useful summary of exposure to hostile software or it may be more useful to split it into the sources of risk
