all InfoSec News
sec-certs: Examining the security certification practice for better vulnerability mitigation
July 2, 2024, 4:14 a.m. | Adam Janovsky, Jan Jancar, Petr Svenda, {\L}ukasz Chmielewski, Jiri Michalik, Vashek Matyas
cs.CR updates on arXiv.org arxiv.org
Abstract: Products certified under security certification frameworks such as Common Criteria undergo significant scrutiny during the costly certification process. Yet, critical vulnerabilities, including private key recovery (ROCA, Minerva, TPM-Fail...), get discovered in certified products with high assurance levels. Furthermore, assessing which certified products are impacted by such vulnerabilities is complicated due to the large amount of unstructured certification-related data and unclear relationships between the certified products. To address these problems, we conducted a large-scale …
arxiv certification certs cs.cr mitigation practice sec security security certification vulnerability vulnerability mitigation
More from arxiv.org / cs.CR updates on arXiv.org
Jobs in InfoSec / Cybersecurity
Senior Software Java Developer
@ Swiss Re | Madrid, M, ES
Product Owner (Hybrid) - 19646
@ HII | Fort Belvoir, VA, Virginia, United States
Sr. Operations Research Analyst
@ HII | Albuquerque, NM, New Mexico, United States
Lead SME Platform Architect
@ General Dynamics Information Technology | USA VA Falls Church - 3150 Fairview Park Dr (VAS095)
DevOps Engineer (Hybrid) - 19526
@ HII | San Antonio, TX, Texas, United States
Cloud Platform Engineer (Hybrid) - 19535
@ HII | Greer, SC, South Carolina, United States