Closed tamberg closed 6 years ago
[cedriclb] I'd go with "The vendor MUST implement security in its business processes." as the vendor may have to rely on external processes which also require security (reply to tenders, for example), and "company processes" might not include security of third parties (which are more than common in IoT).
The intent of this principle is to have a good awareness of IoT security, ensure the development follows DevSecOps, etc.
Done.
re https://github.com/openiotmark/iotmark-principles/tree/develop#24-the-vendor-must-implement-security-in-its-processes
from
The vendor MUST implement security in its processes.
to
The vendor MUST implement security in its internal processes.
or
The vendor MUST implement security in its company processes.
or
The vendor MUST implement security in its business processes.
(to make it a bit more clear)