@@ -438,6 +438,17 @@ The operating system can choose which thread to schedule based on factors such a
* Resource limits
* Performance considerations
### 4.3.6 Vulnerability Handling
When a Product with Digital Element's essential functionality is not that of an operating system, and it contains an operating system, then the manufacturer of the operating system shall provide:
1. clear documentation of all essential security capabilities, and
1. unique, unambiguous, and machine-readable identification of all components of the operating system, including integrated third party components, in a format consistent with common vulnerability handling standards.
Providing this information enables the manufacturer of the PwDE which integrates the operating system to:
1. verify that the PwDE's forseeable use case can rely on appropriate security protections from the operating system, and
1. verify that the PwDE is free of known vulnerabilities at the time it is placed on the market, and
1. proactively monitor for the disclosure of new vulnerabilities in the operating system and its dependencies which might affect the security of the PwDE.
## 4.4 Use Cases
_The following use cases are provided to assist manufacturers in selecting risk factors and security levels. This is not intended to be an exhaustive or complete list of all possible use cases._
