600.436 High-Assurance Systems
Fall 01/Development Process Assurance
24
Flaw Reporting Procedures
¨The developer shall establish a procedure for accepting and acting upon user reports of security flaws and requests for corrections to those flaws (in a way that shall):
–ensure that any reported flaws are corrected and the correction issued to TOE users
–provide safeguards that any corrections to these security flaws do not introduce any new flaws