-Each of us has initially set up the CMS and made ourselves familiar with the
-CMS. We have chosen to split the work by category of security requirements in
+% Running the application
+Each of us has initially set up the \CMS{} and made ourselves familiar with the
+\CMS{}. This was easy, because one of us had made a \code{Dockerfile} for the
+others to use. This made running and installing the application trivially
+easy. Running the application made us understand the outline and components of
+the application. We could also find some spots where easy to find vulnerabilities
+could be expected. However, looking at the source code was more effective,
+especially when verifying that the \CMS{} \emph{passes} a requirement. Buggy code
+is easy to find. Bug-free code is not.
+
+We have chosen to split the work by category of security requirements in