ONAP Provider MUST have patches available for vulnerabilities in ONAP as soon as possible. Patching shall be controlled via change control process with vulnerabilities disclosed along with mitigation recommendations.

------
Modified req:
ONAP MUST have patches available for vulnerabilities in ONAP aligned with CII badging specifications of criticality & delivery time.
Link to the CII requirement: https://github.com/coreinfrastructure/best-practices-badge/blob/master/doc/criteria.md