diff --git a/doc/md_src_files/05_01_exploitation.md b/doc/md_src_files/05_01_exploitation.md
index f259a177..e2b85194 100644
--- a/doc/md_src_files/05_01_exploitation.md
+++ b/doc/md_src_files/05_01_exploitation.md
@@ -5,11 +5,11 @@ The intent of this measure is the present state of exploitation of the vulnerabi
Table: Exploitation Decision Values
-| Value | Definition |
-| :--- | :------------ |
-| None | There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability. |
-| PoC
(Proof of Concept) | One of the following cases is true: (1) exploit code is sold or traded on underground or restricted fora; (2) a typical public PoC in places such as Metasploit or ExploitDB; or (3) the vulnerability has a well-known method of exploitation. Some examples of condition (3) are open-source web proxies serve as the PoC code for how to exploit any vulnerability in the vein of improper validation of TLS certificates. As another example, Wireshark serves as a PoC for packet replay attacks on ethernet or WiFi networks. |
-| Active | Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting. |
+| Value | Definition |
+| :--- |:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| None | There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability. |
+| PoC
(Proof of Concept) | One of the following cases is true: (1) exploit code is sold or traded on underground or restricted fora; (2) a typical public PoC in places such as Metasploit or ExploitDB; or (3) the vulnerability has a well-known method of exploitation. Some examples of condition (3) are open-source web proxies serve as the PoC code for how to exploit any vulnerability in the vein of improper validation of TLS certificates. As another example, Wireshark serves as a PoC for packet replay attacks on ethernet or WiFi networks. A publicly-known hard-coded or default password would also meet this criteria. |
+| Active | Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting. |
### Gathering Information About Exploitation