commoncriteria / virtualization

Protection Profile for Virtualization
The Unlicense

APE_SPD.1-2 (Comment applies to Virt 1.0) #60

Closed robertmclemons closed 3 years ago

robertmclemons commented 3 years ago

"The evaluator shall examine the security problem definition to determine that all threats are described in terms of a threat agent, an asset, and an adverse action."

T.VMM_COMPROMISE - Defines the threat agent as an unauthorized entity though it is unclear whether the threat agent is expected to be human or programmatic or both.

T.WEAK_CRYPTO - Defines the threat agent as a sophisticated adversary though it does not define an adverse action or the target asset of attack.

robertmclemons commented 3 years ago

Added some words to the Threat section to address these issues.