ISO ISO/IEC TR 20004 Information technology - Security techniques - Refining software vulnerability analysis under ISO/IEC 15408 and ISO/IEC 18045 - Second Edition
Данный раздел/документ содержится в продуктах:
- Техэксперт: Машиностроительный комплекс
- Картотека зарубежных и международных стандартов
- CEN ISO/TR 9241-100 Ergonomics of human-system interaction - Part 100: Introduction to standards related to software ergonomics
- ISO ISO/IEC 15504-2 CORR 1 Software engineering - Process assessment - Part 2: Performing an assessment TECHNICAL CORRIGENDUM 1 - First Edition
- 13
- CEN ISO/TR 9241-100 Ergonomics of human-system interaction - Part 100: Introduction to standards related to software ergonomics
- ISO ISO/IEC 15504-2 CORR 1 Software engineering - Process assessment - Part 2: Performing an assessment TECHNICAL CORRIGENDUM 1 - First Edition
- 13.180
- CEN ISO/TR 9241-100 Ergonomics of human-system interaction - Part 100: Introduction to standards related to software ergonomics
- ISO ISO/IEC 15504-2 CORR 1 Software engineering - Process assessment - Part 2: Performing an assessment TECHNICAL CORRIGENDUM 1 - First Edition
- CEN ISO/TR 9241-100 Ergonomics of human-system interaction - Part 100: Introduction to standards related to software ergonomics
- CEN ISO/TR 9241-100 Ergonomics of human-system interaction - Part 100: Introduction to standards related to software ergonomics
- 35
- CEN ISO/TR 9241-100 Ergonomics of human-system interaction - Part 100: Introduction to standards related to software ergonomics
- ISO ISO/IEC 15504-2 CORR 1 Software engineering - Process assessment - Part 2: Performing an assessment TECHNICAL CORRIGENDUM 1 - First Edition
- 35.180
- CEN ISO/TR 9241-100 Ergonomics of human-system interaction - Part 100: Introduction to standards related to software ergonomics
- ISO ISO/IEC 15504-2 CORR 1 Software engineering - Process assessment - Part 2: Performing an assessment TECHNICAL CORRIGENDUM 1 - First Edition
- CEN ISO/TR 9241-100 Ergonomics of human-system interaction - Part 100: Introduction to standards related to software ergonomics
- CEN ISO/TR 9241-100 Ergonomics of human-system interaction - Part 100: Introduction to standards related to software ergonomics
- ISO ISO/IEC 15504-1 Information technology Process assessment Part 1: Concepts and vocabulary - First Edition; Supersedes ISO/IEC TR 15504-1 and ISO/IEC TR 15504-9
- ISO ISO/IEC TR 15504-7 Information technology - Process assessment - Part 7: Assessment of organizational maturity - First Edition
- ISO ISO/IEC 15504-2 CORR 1 Software engineering - Process assessment - Part 2: Performing an assessment TECHNICAL CORRIGENDUM 1 - First Edition
- ISO ISO/IEC TR 15504-7 Information technology - Process assessment - Part 7: Assessment of organizational maturity - First Edition
- ISO ISO/IEC TR 15504-7 Information technology - Process assessment - Part 7: Assessment of organizational maturity - First Edition
- ISO ISO/IEC 15504-2 CORR 1 Software engineering - Process assessment - Part 2: Performing an assessment TECHNICAL CORRIGENDUM 1 - First Edition
- ISO ISO/IEC 15504-2 CORR 1 Software engineering - Process assessment - Part 2: Performing an assessment TECHNICAL CORRIGENDUM 1 - First Edition
- BSI BS ISO/IEC 15026-2 Systems and software engineering - Systems and software assurance Part 2: Assurance case
- BSI PD ISO/IEC TR 20004 Information technology - Security techniques - Refining software vulnerability analysis under ISO/IEC 15408 and ISO/IEC 18405
- ISO ISO/IEC 15408-2 Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional components - Third Edition
- CEN ISO/TR 9241-100 Ergonomics of human-system interaction - Part 100: Introduction to standards related to software ergonomics
- Картотека зарубежных и международных стандартов
International Organization for Standardization
Information technology - Security techniques - Refining software vulnerability analysis under /IEC 15408 and /IEC 18045 - Second Edition
N ISO/IEC TR 20004
Annotation
This Technical Report refines the AVA_VAN assurance family activities defined in ISO/IEC 18045 and provides more specific guidance on the identification, selection and assessment of relevant potential vulnerabilities in order to conduct an ISO/IEC 15408 evaluation of a software target of evaluation. This Technical Report leverages publicly available information security resources to support the method of scoping and implementing ISO/IEC 18045 vulnerability analysis activities. The Technical Report currently uses the common weakness enumeration (CWE) and the common attack pattern enumeration and classification (CAPEC), but does not preclude the use of any other appropriate resources. Furthermore, this Technical Report is not meant to address all possible vulnerability analysis methods, including those that fall outside the scope of the activities outlined in ISO/IEC 18045.
This Technical Report does not define evaluator actions for certain high assurance ISO/IEC 15408 components, where there is as yet no generally agreed guidance.
Автоматический перевод:
Информационные технологии - методы безопасности - анализ уязвимости программного обеспечения Refining под ISO/IEC 15408 и ISO/IEC 18045 - Второй Выпуск
Этот Технический отчет совершенствует семейные действия гарантии AVA_VAN, определенные в ISO/IEC 18045, и обеспечивает более определенное руководство на идентификации, выборе и оценке соответствующих потенциальных уязвимостей для проведения ISO/IEC 15408 оценок цели программного обеспечения оценки. Этот Технический отчет усиливает общедоступные ресурсы информационной безопасности для поддержки метода определения объема и осуществления ISO/IEC 18045 аналитических действий уязвимости. Технический отчет в настоящее время использует общее перечисление слабости (CWE) и общее перечисление образца нападения и классификацию (CAPEC), но не устраняет использование никаких других надлежащих ресурсов. Кроме того, этот Технический отчет не предназначен для обращения ко всем возможным аналитическим методам уязвимости, включая тех, которые выходят за пределы объема действий, обрисованных в общих чертах в ISO/IEC 18045.
