diff --git a/policy.txt b/policy.txt index d61ce23..9e87c68 100644 --- a/policy.txt +++ b/policy.txt @@ -16,7 +16,7 @@ production systems at risk. 3. Classification of Vulnerabilities -We will consider a vulnerability report most likely as relevant if it +A) We will consider a vulnerability report most likely as relevant if it reports one of the following problems: 1. The vulnerability can be used to directly access non-public information that either reveals further security relevant problems or @@ -27,15 +27,14 @@ reports one of the following problems: 4. XSS, CSRF, RCE, authentication/authorization bypass, SQL inections, etc are considered relevant. -We will consider a vulnerability report most likely as NOT relevant if +B) We will consider a vulnerability report most likely as NOT relevant if it reports one of the following problems: - 5. Missing security features, for example HTTP headers, if they are not + 1. Missing security features, for example HTTP headers, if they are not actually preventing a vulnerability. - 6. Publicly accessible version strings of used software. - 7. Security vulnerablities that can only be used within the scope of the + 2. Publicly accessible information such as version strings of used + software and previously publicly known information in general. + 3. Security vulnerablities that can only be used within the scope of the used account. - 8. Publicly available information even when retrieved over usually non- - public channels (i.e. APIs). 4. Reporting Vulnerabilities
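Review bot: In the first hunk (the "+A) We will consider a vulnerability report most likely as relevant if" line), the new A)/B) labelling restarts the item numbering under B) at 1 while the items under A) also run 1 through 4, so a bare reference such as "item 2" elsewhere in the policy or in a triage reply now points at two different rules. Either keep the numbering continuous across both lists (as it was, 1 to 8) or reference items as A.1 / B.2 in the text. While this line is being rewritten anyway, "consider a vulnerability report most likely as relevant if it reports" is awkward hedging; "will generally consider a vulnerability report relevant if it reports" says the same thing more plainly, and the matching B) line could use the same form.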
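Review bot: In the second hunk, the merged item "+ 2. Publicly accessible information such as version strings of used / + software and previously publicly known information in general." drops the clarification that the removed item 8 carried ("even when retrieved over usually non-public channels (i.e. APIs)"), and "previously publicly known information in general" is vaguer than either of the two items it replaces: a reporter cannot tell from it whether an API that returns data also published elsewhere is out of scope, and it sits uneasily next to A.1, which makes access to non-public information relevant. Keep the channel clause (with "e.g." rather than "i.e.", since APIs are one example) so the rule stays testable. Two spelling fixes are also cheap while these lines are touched: the added line "+ 3. Security vulnerablities that can only be used within the scope of the" carries "vulnerablities" forward unchanged, and the context line "4. XSS, CSRF, RCE, authentication/authorization bypass, SQL inections, etc" has "inections" for "injections".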