> Based on the assets, what are the threats during:
>
> - Use for intended purpose or reasonably foreseeable use
> - When integrated into another product
Threat: Attacker sends a packet to the external adapter that causes the interface to give unauthorized access to data stored on the interface.
Threat: Attacker sends a packet to the external adapter that causes the interface to give unauthorized access to functions on the interface.
Threat: Attacker sends a packet that causes the interface to give unauthorized access to some or all host system assets.
Threat: Attacker uses unprivileged host access to the network interface to es the interface to give unauthorized access to data stored on the interface.
> Example threats can be found in the same documents suggested in the section on security requirements.
Threat: Attacker sends a packet to the external adapter that causes the interface to give unauthorized access to functions on the interface.
> FIXME partial notes, need more threats, need to associate with risk factors
Threat: Attacker sends a packet that causes the interface to give unauthorized access to some or all host system assets.
### C.2.1 Physical interfaces
* Incoming packet can exploit a bug to:
* Read/write firmware
* Read/write configuration
* Read/write statistics
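Review bot: The fourth Threat line reads "to es the interface", so the unprivileged-host-access threat has lost its verb and cannot be read as a complete statement; it should follow the wording of the other three ("... that causes the interface to give unauthorized access ..."). The threats about access to functions on the interface and about host system assets also appear twice in this region, word for word. Keep one copy of each, or reword the second copy so that it covers a different asset or entry point.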
@@ -1111,10 +1112,7 @@ Physical interfaces:
* Incoming packets that trigger bad behaviour
* Bug that processing incoming packets stops packet processing
* TR: watchdog timeout that resets card if packets aren't coming out right?
* TR: fuzz testing of network input packets (directed maybe, specify numbers and test?)
* TR: stress testing with just a lot of packets of different types?
* TR: general secure design stuff PT1 that we can only do if testable on product
* Bugs in chipset allowing unauthorized/malformed access to interface
* Malicious/corrupted firmware updates - do this securely
* TR: the firmware update method must verify firmware in some way
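Review bot: The TR under "Malicious/corrupted firmware updates" says the update method "must verify firmware in some way", which is not testable as written. State what is verified (integrity and authenticity of the image), at what point (before the image is installed or run), and what the device does when verification fails. The fuzz-testing TR has the same problem: "(directed maybe, specify numbers and test?)" is an open question inside a requirement, so either give it pass criteria or move it to a FIXME.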
@@ -1158,6 +1156,13 @@ Physical interfaces:
* TR: DAST dynamic applications security testing
* TR: open source your code and use open source tools?
Done
* TR: watchdog timeout that resets card if packets aren't coming out right?
* TR: fuzz testing of network input packets (directed maybe, specify numbers and test?)
* TR: general secure design stuff PT1 that we can only do if testable on product
FIXME: reference or use IEC 62443 certification? industrial use case, mostly for B2B relationships, suppliers, sophisticated, we are more consumer-related, probably can't base it on but we can find some overlap and inspire this standard
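Review bot: The three TR lines after "Done" (watchdog timeout, fuzz testing, general secure design) are the same text that sits under "Incoming packets that trigger bad behaviour" in the previous hunk, but here they have no parent threat, so a reader cannot tell which threat each one mitigates. Put them under a threat bullet or add a short heading that names the threats they cover. The closing FIXME on IEC 62443 is a run-on that mixes the question (reference the standard or not) with the tentative answer (take the overlap as inspiration); split it so that the open decision is clear.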