Hi Walter,
We are still in the process of removing all dependencies on Telerik. We've removed a lot already, but unfortunately, this could take several more months to complete. If you're using one of the latest Storefront (e.g. v15.12+ or v16) all the public facing pages including all Manage modules do not have any dependencies on Telerik anymore (for display templates, make sure to use the razor template. That means don't use any "StandardXX" where the XX is a Number as those are the old Web forms templates with Telerik dependencies). That leaves only some internal Admin pages using Telerik and that's going away too as we refactor those out.
Furthermore, in your Web.config, you should be able remove most Telerik handler bindings all except this one below. Remove any reference to Telerik Chart, Upload, etc. (especially Upload, which is the one mentioned in the last security vulnerability).
<add name="Telerik.Web.UI.WebResource" verb="*" path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource, Telerik.Web.UI" preCondition="integratedMode" />
I'm not sure how your scanner works, if it picks up only the external public facing pages. If so, then I think this might be sufficient to minimize exposure.