From 07abd726a232c8b9014dc7b6654c9552f2955c0d Mon Sep 17 00:00:00 2001 From: Elar Lang Date: Fri, 3 Jan 2025 14:05:25 +0200 Subject: [PATCH] requirement number fix --- 5.0/en/0x18-V10-Coding.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/5.0/en/0x18-V10-Coding.md b/5.0/en/0x18-V10-Coding.md index 63c61f4c3a..a2bc3083a3 100644 --- a/5.0/en/0x18-V10-Coding.md +++ b/5.0/en/0x18-V10-Coding.md 
@@ -16,7 +16,7 @@ This chapter also contains requirements to prevent the introduction of malicious | **1.10.2** | [MODIFIED, MOVED FROM 14.2.5, MERGED FROM 14.2.4] Verify that an inventory catalog, such as software bill of materials (SBOM), is maintained of all third-party libraries in use, including verifying that components come from pre-defined, trusted, and continually maintained repositories. | | ✓ | ✓ | | | **1.10.3** | [ADDED, SPLIT FROM 14.2.6] Verify that application documentation highlights "risky" third party libraries which should include: libraries which perform operations which are dangerous from a security perspective, libraries which are poorly maintained, unsupported, or end of life, libraries which have historically had several significant vulnerabilities, etc. | | | ✓ | 1061 | | **1.10.4** | [ADDED, SPLIT FROM 1.14.5] Verify that application documentation highlights parts of the application where "risky" operations are being performed. "Risky" in this context means those with a high likelihood of being dangerously exploited such as: deserialization of untrusted data, raw file parsing, direct memory manipulation, etc. | | | ✓ | | -| **1.10.4** | [ADDED, SPLIT FROM 14.2.1] Verify that application documentation defines risk based remediation time frames for 3rd party component versions with vulnerabilities and for updating libraries in general, to minimize the risk from these components. | ✓ | ✓ | ✓ | | +| **1.10.5** | [ADDED, SPLIT FROM 14.2.1] Verify that application documentation defines risk based remediation time frames for 3rd party component versions with vulnerabilities and for updating libraries in general, to minimize the risk from these components. | ✓ | ✓ | ✓ | | ## V10.1 Code Integrity
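Review bot: On the renumbered row (the second **1.10.4** becoming **1.10.5**), the diffstat shows only 0x18-V10-Coding.md touched. Any cross-reference elsewhere that cited 1.10.4 and meant the remediation time frames requirement will now resolve to the "risky operations" row. It is worth searching the other chapters, and any other files that cite requirement numbers, for such references and updating them in the same change. Naming the numbers in the subject line would also help, for example "renumber duplicate 1.10.4 to 1.10.5". As a style point on the same row, it says "3rd party" and "risk based", while 1.10.2 writes "third-party" and 1.10.3 writes "third party"; since the line is being edited anyway, one spelling could be settled on.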