As penetration testing and vulnerability scanning is a best practice, protecting the results from these tests and scans is equally important. These reports and results typically outline detailed vulnerabilities and how to exploit them. As with countermeasure CM0001, protecting sensitive information from disclosure to threat actors is imperative.
| ID | Name | Description | |
| EX-0009 | Exploit Code Flaws | Threats actors may identify and exploit flaws or weaknesses within the software running on-board the target SV. These attacks may be extremely targeted and tailored to specific coding errors introduced as a result of poor coding practices or they may target known issues in the commercial software components. | |
| .03 | Known Vulnerability (COTS/FOSS) | Threat actors may utilize knowledge of the SV software composition to enumerate and exploit known flaws or vulnerabilities in the commercial or open source software running on-board the target SV. | |
| ID | Description |