* Other use cases for special purpose operating systems
FIXME prune this down to the most common use cases
## 4.5 Risk factors
### 4.5.1 List of risk factors
For each operating system placed on the market, the manufacturer shall develop a threat model and risk profile based on the foreseeable use of the operating system. The risk profile is derived from the foreseeable use of the product. The following risk factors shall be taken into account when developing the risk profile.
For each operating system placed on the market, the manufacturer shall develop a threat model and risk profile based on the foreseeable use of the operating system. The risk profile is derived from the intended and foreseeable use and misuse of the product. The following risk factors shall be taken into account when developing the risk profile.
Note: "account" refers to a user in the operating systems sense: a unique system identity associated with certain authorization and permissions. "User" refers to an entity that uses the device for some purpose. Users may have many accounts and accounts may have many users.
@@ -645,6 +647,8 @@ Recommendation: Therefore, manufacturers of operating systems which are intended
* PHYS-1: may be incidentally exposed to untrusted software or external inputs
* PHYS-2: used primarily to run untrusted software or process external inputs
FIXME this may be a useful summary of exposure to hostile software or it may be more useful to split it into the sources of risk
