Commit 15073ad1 authored by Valerie Aurora

Rename memory errors to secure design and development

parent 7a898bd2
@@ -661,11 +661,11 @@ _Description of mitigation implementing the requirement in "shall" format._

This section is a list of technical requirements necessary to satisfy the CRA essential requirements. Each technical requirement can be satisfied by one or more potential mitigations. Each mitigation may or may not be appropriate for an individual use case. The following section will define which mitigations will be required, depending on risk factors and/or a use case. See Annex C for more information.

### 5.2.X TR-IMEM Prevent memory safety errors
### 5.2.X TR-SSDD Secure design and development

#### 5.2.X.x Requirement

The product shall not process input in such a way as to cause an internal memory safety error affecting the assets of the product.
The product shall be designed and developed in a secure manner.

#### 5.2.X.x **MI-SSCA**: Static source code analysis for memory errors
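Review bot: the rewritten requirement in this hunk ("The product shall be designed and developed in a secure manner.") is not testable as stated, whereas the sentence it replaces named an observable failure (an internal memory safety error triggered by processed input) against which a mitigation can be verified. Since the section introduction says each technical requirement is satisfied by one or more mitigations, consider either keeping the memory-safety sentence as a sub-requirement under TR-SSDD or defining "secure manner" in terms of the concrete mitigations that follow. Note also that the unchanged heading for MI-SSCA still reads "Static source code analysis for memory errors", so the first mitigation under the broadened requirement remains memory-specific; that is reasonable, but it should be stated explicitly.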

@@ -682,7 +682,7 @@ The sufficiency of the source code analysis tool and the selected manner of runn

All warnings, annotations, or other method of suppressing warnings from the analysis tool shall be documented with a rationale for why it does not constitute an unacceptable risk.

  * Reference: TR-IMEM
  * Reference: TR-SSDD

  * Objective: Prevent unauthorized memory access
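Review bot: the Reference is updated to TR-SSDD but the Objective line that follows still reads "Prevent unauthorized memory access". If TR-SSDD is meant to cover secure design and development generally, the objective should state what this mitigation contributes to it, or the mitigation should say that it addresses only the memory-safety aspect of TR-SSDD.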

@@ -698,7 +698,7 @@ All warnings, annotations, or other method of suppressing warnings from the anal

The product shall be checked for memory errors by running a tool that exercises the functions of the product in an environment that permits measuring code coverage and detecting memory access errors. All memory errors detected shall be documented with a rationale for why it does not constitute an unacceptable risk.

  * Reference: TR-IMEM
  * Reference: TR-SSDD
  * Objective:  Prevent unauthorized memory access
  * Preparation: None
  * Activities: Run the tool while measuring code coverage and monitoring for memory access errors until 95% code coverage has been reached
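Review bot: same Reference/Objective mismatch as the preceding mitigation: "Prevent unauthorized memory access" no longer reads as an objective of a requirement titled "Secure design and development". While touching this block, the double space in "Objective:  Prevent" should be collapsed, and the Activities line should name the coverage metric (line, branch, or function) the 95% threshold refers to, since the result is not reproducible without it.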
@@ -1282,17 +1282,17 @@ Suggested type of tests include, but are not limited to:
| CRA requirement                                 | Technical security requirements(s) |
|-------------------------------------------------|------------------------------------|
| No known exploitable vulnerabilities            | _waiting on cross-vertical_        |
| Secure design, development, production          | IMEM                               |
| Secure design, development, production          | SSDD                               |
| Secure by default configuration                 | SDEF                               |
| Secure updates                                  | SCUD                               |
| Authentication and access control mechanisms    | _waiting on cross-vertical_        |
| Confidentiality protection                      | SCNF, TCNF                         |
| Integrity protection for data and configuration | IMEM                               |
| Integrity protection for data and configuration | SSDD                               |
| Data minimization                               | DMIN                               |
| Availability protection                         | MDNF                               |
| Minimize impact on other devices or services    | MDNF                               |
| Limit attack surface                            | LMAS                               |
| Exploit mitigation by limiting incident impact  | MDNF, IMEM                         |
| Limit attack surface                            | LMAS, SSDD                         |
| Exploit mitigation by limiting incident impact  | MDNF, SSDD                         |
| Logging and monitoring mechanisms               | MDNF                               |
| Secure deletion and data transfer               | SCDL, SDTR                         |
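Review bot: this hunk does more than rename IMEM to SSDD: the "Limit attack surface" row previously mapped only to LMAS and now maps to "LMAS, SSDD", so a new CRA-requirement mapping is introduced under a commit titled as a rename. Either drop that addition here and make it a separate change, or extend the commit message to explain why secure design and development is now tied to attack-surface limitation. A minor style point on the unchanged header: "Technical security requirements(s)" should read "Technical security requirement(s)".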