Aaron G

Results 17 comments of Aaron G

DnR operations should be out of scope IMO. Widening the scope to include processes and operational procedures that vary based on the organization typically have reliance on compliance program requirements...

TL;DR - We would love to include ZigBee and Z-Wave but do not have the practical experience on the project team. We need help 😄 1. We chose WiFi and...

Similar topic mentioned in https://github.com/OWASP/IoT-Security-Verification-Standard-ISVS/issues/66#issuecomment-785877641

We'll need to think more about this threat model. It's not possible to cover every case but want to ensure we capture the most common.

- Cover art created ✅ https://github.com/OWASP/owasp-istg/commit/7ad853f958f30df5d556aa5a967440b41bb0e239#diff-819b1ec85f8148cbf5b271d1026f4cc4d8603730b8c3b7f6549bc7b87e974e6d
- Adopted portions of MSTG's contributing page linked in the readme ✅ https://owasp.org/www-project-iot-security-testing-guide/#div-contributing
- Input validation category abbreviation updated along with the component overview...

Similar to MASTG, ATT&CK mobile provides an adversarial perspective with known tools, tactics, procedures, and detections from known events or malicious software. Although these are valuable to organizations, verification standards...

@rockhoppersec, curious on your perspective :)