"The evaluator shall examine the security problem definition to determine that all threats are described in terms of a threat agent, an asset, and an adverse action."
T.VMM_COMPROMISE - Defines the threat agent as an unauthorized entity though it is unclear whether the threat agent is expected to be human or programmatic or both.
T.WEAK_CRYPTO - Defines the threat agent as a sophisticated adversary though it does not define an adverse action or the target asset of attack.
"The evaluator shall examine the security problem definition to determine that all threats are described in terms of a threat agent, an asset, and an adverse action."
T.VMM_COMPROMISE - Defines the threat agent as an unauthorized entity though it is unclear whether the threat agent is expected to be human or programmatic or both.
T.WEAK_CRYPTO - Defines the threat agent as a sophisticated adversary though it does not define an adverse action or the target asset of attack.