600.436 High-Assurance Systems
Fall 01/Development Process Assurance
24
Flaw
Reporting Procedures
¨The
developer shall establish a procedure for accepting and acting upon user reports of
security flaws and requests for corrections to those flaws (in a way
that shall):
–ensure that any reported flaws are corrected and the
correction issued to TOE users
–provide safeguards that any corrections to these
security flaws do not introduce any new flaws