Commit 595ca71c authored by Santeri Toikka

Added assessment proposal for later use

Closes #400
parent a915a34e
+22 −0
@@ -608,6 +608,28 @@ For medium risk:
1. Description of how to scan for the vulnerability
1. Log of vulnerability scan results

#### 6.1.1.1 REQ-EXPLOIT-1ish from Uli

**Preparation:** Program a test source providing an authentic and integrity correct update package.<br/>
**Activities:**

* Operate the test update server.
* Study the technical documentation.
* If needed activate the update mechanism and check whether the mechanism is configurable.
* Check if the update mechanisms can be configured to check itself for updates, conduct the update on trigger, or runs at first use.
* Configure the update mechanisms with respect to point in time of conduct.

**Verdict:**

* The technical documentation describes the update mechanism in sufficient practical detail to conduct the update.
* The test update is operated as configured on action, prior, or as part of the first use.
* The test update was operated as configured with respect to the point of time of conduct.

**Supporting Evidence:**

* References to document sections.
* Screenshots from the update configurations and of the corresponding conducts.

#### 6.1.1.2 REQ-EXPLOIT-2

**Objective:** Responsibility of OS level updgrades can be elsewhere outside of the system control.<br/>
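
Review bot: The added heading "#### 6.1.1.1 REQ-EXPLOIT-1ish from Uli" reads as a working title. "1ish" and "from Uli" do not identify a requirement, and the section body assesses the update mechanism, so a reader cannot tell which requirement this assessment case belongs to. Suggest putting the exact requirement ID in the heading and keeping the attribution in the commit message or in issue #400. The new section also has no **Objective:** line, while the following 6.1.1.2 opens with one; adding it would state what the Preparation, Activities and Verdict are meant to demonstrate. In the Verdict list, "operated as configured on action, prior, or as part of the first use" is hard to evaluate as pass or fail; consider mirroring the three options named in the Activities list ("check itself for updates, conduct the update on trigger, or runs at first use"). Preparation refers to a "test source" and Activities to a "test update server"; using one term for both would avoid doubt about whether they are the same component.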