-
**FCS**
- should be reliant on platform for crypto (does this need a requirement to state that)?
**FDP**
- FDP_RIP.1 or FDP_RIP.2 should be included to cover clearing of CMFA data
- FDP_IFC/FDP_…
-
While looking into #1076 via #1081, I noticed things that could be investigated further as minor improvements to Zeek's RNG:
- Could replace `zeek::prng()` (formerly `bro_prng()`) implementatio…
-
### Finding Description
The application is generating private keys but not using hardware-backed secure storage methods to store the data on the device.
The iOS Keychain makes it more difficult to ex…
-
## Goal
| User story |
|:---------------------------------------------------------------------------|
| As an IT admin, when a DEP-enabled end user macOS device enrolls,
| I want to i…
-
For some apps, we are getting a python struct error. I don't know if this is a problem with androwarn, python, or the APK file itself. Below is an example error message. How can we fix this?
Traceb…
-
**What is the change request for the cPP? Please describe.**
The following comments against the Final Draft (Version 0.13) of the proposed HCD cPP Version 1.0 were submitted by JISEC:
1. Section C.4…
-
### Finding Description
The application is vulnerable to the Janus exploit. This would allow malicious actors to possibly inject their own code into the binary package and release it as a legitimate …
-
### Finding Description
The application is vulnerable to the Janus exploit. This would allow malicious actors to possibly inject their own code into the binary package and release it as a legitimate …
-
### Finding Description
Libraries found in the app were not compiled using ARC, a free feature of Objective-C and Swift.
Enabling it has no discernable downsides, and prevents memory corruption attac…
-
### Finding Description
The application is vulnerable to the Janus exploit. This would allow malicious actors to possibly inject their own code into the binary package and release it as a legitimate …