betteriot / betteriot-principles

Better IoT Principles

Rewording of principle 24 #52

Closed tamberg closed 6 years ago

tamberg commented 6 years ago

re https://github.com/openiotmark/iotmark-principles/tree/develop#24-the-vendor-must-implement-security-in-its-processes

from

The vendor MUST implement security in its processes.

to

The vendor MUST implement security in its internal processes.

or

The vendor MUST implement security in its company processes.

or

The vendor MUST implement security in its business processes.

(to make it a bit more clear)

tamberg commented 6 years ago

[cedriclb] I'd go with "The vendor MUST implement security in its business processes." as the vendor may have to rely on external processes which also require security (reply to tenders for example), and "company processes" might not include security of third parties (which are more than common in IoT).

The intent of this principle is to have a good awareness of IoT security, ensure the development follows DevSecOps, etc.

tamberg commented 6 years ago

Done.