| Developer Vulnerability Analysis |
|
|
|
|
|
|
|
|
|
|
|
|
|
| ¨ | The
developer shall perform and |
|||||||||||
| document
an analysis of the TOE |
||||||||||||
| deliverables
searching for obvious ways |
||||||||||||
| in
which a user can violate the TSP |
||||||||||||
| – | The
documentation shall show, for all |
|||||||||||
| identified
vulnerabilities, that the |
||||||||||||
| vulnerability
cannot be exploited in the |
||||||||||||
| intended
environment for the TOE |
||||||||||||
| ¨ | The
developer shall document the |
|||||||||||
| disposition
of obvious vulnerabilities |
||||||||||||
| 600.436
High-Assurance Systems |
| Fall
01/Operational Assurance |
| 29 |