|

 
|
| | Name : | Ron Crane | Organization : | N/A | Post Date : | 9/30/2005 |
| Section : | .20.1.3.1 | Page no. : | | Line no.: | | Comment : | 9c.
c. Vol. II, §1.3.1 does not properly account for the security implications of changes in hardware, saying, for example, that Not all systems being tested are required to complete all categories of testing. For example, if a previously certified system has had hardware modifications, the system may be subject only to non-operating
environmental stress testing of the modified component, and a partial
system-level test...
Since an unscrupulous vendor could use new hardware to introduce a malware loader, this approach to short-circuiting testing imperils security. | |
|
|