...
| Your Answer-Please Describe | SECCOM Feedback / Recommendations |
|---|---|
| Could not find this document/wiki |
Assurance Case
Does your project actually meet its documented security requirements?
...
| Your Answer-Please Describe | SECCOM Feedback / Recommendations |
|---|---|
| Could not find this document/wiki |
Vulnerability Mitigation
Vulnerabilities Critical Fixed
...
| Your Answer-Please Explain | SECCOM Feedback / Recommendations |
|---|---|
| Yes. Critical vulnerabilities/issues are compiled by SECCOM periodically and CPS project team resolves them in-time for current/prev release. |
Non-Cryptographic Software Questions
...
| Your Answer-Please Explain | SECCOM Feedback / Recommendations |
|---|---|
We will receive a lot notifications from NEs... are these trusted? Subscriptions also? |
Hardening
Does your project apply hardening mechanisms so that software defects are less likely to result in security vulnerabilities?
...
| Your Answer-Please Explain | SECCOM Feedback / Recommendations |
|---|---|
| CPS does not include any internal module to implement cryptograph... what do we use? |
Crypto Random - Generic
Does your software use random information? If so, does it use a cryptographically secure random number generator?
...
| Your Answers-Please Explain | SECCOM Feedback / Recommendations |
|---|---|
| CPS does generate random UUIDs for notifications... is this secure? |
Crypto Weaknesses
Does your software depend on any cryptographic algorithms or modes that have known serious weaknesses?
...