Cédric Bassem
The ISVS currently does not cover security requirements related to detecting and responding to security incidents. Example requirement that's missing: Verify that an appropriate response strategy is in place in...
The ISVS currently does not address that not implementing a security control and/or accepting a failed security control/vulnerability is an effort vs risk based decision. We could add something to...
We have to make sure to fix the numbering of requirements before release.
The firmware update chapter currently explicitly covers roll-back attacks. The Freeze and Mix & Match attack cases are not (explicitly) covered. - Freeze attacks: an attacker tricks the device /...