ANSI UL 2900-1:2017 pdf free download – Standard for Software Cybersecurity for Network-Connectable Products, Part 1: General Requirements

02-23-2022

3.5 AUTHORIZATION – The process of giving an entity permission to access or manipulate the product, or the property that an entity has such permission.
3.6 BINARY CODE – Machine instructions and/or data in a format intended for a specific processor architecture.
3.7 BYTECODE – Instructions and/or data that are created from source code as an intermediate step before generating binary code. Bytecode is independent of a specific processor architecture and is typically handled by a virtual machine or interpreter.
3.8 COMMON ATTACK PATTERN ENUMERATION AND CLASSIFICATION (CAPEC) – Specified in ITU-T X.1544 (ref. [7]), the CAPEC is a publicly available resource providing a list and classification of a large number of attack mechanisms based on the topology of the environment.
3.9 COMMON VULNERABILITIES AND EXPOSURES (CVE) – Specified in ITU-T X.1520 (ref. [3]), the CVE is a publicly available resource providing common identifiers for known vulnerabilities and exposures.
3.10 COMMON VULNERABILITY SCORING SYSTEM (CVSS) – Specified in ITU-T X.1521 (ref. [4]), the CVSS is a publicly available resource providing a means for prioritizing vulnerabilities in terms of exploit potential.
3.11 COMMON WEAKNESS ENUMERATION (CWE) – Specified in ITU-T X.1524 (ref. [5]), the CWE is a publicly available resource providing a structured means to exchange unified, measurable sets of information providing common identifiers for software weaknesses, as well as consequences, detection methods and examples of each weakness.
3.12 COMMON WEAKNESS SCORING SYSTEM (CWSS) – Specified in ITU-T X.1525 (ref. [6]), the CWSS is a publicly available resource providing a means for prioritizing CWEs based on their technical impact, ease of attack, and other factors.
3.13 COMMUNICATION PROTOCOL – A system of rules regarding syntax, semantics, synchronization and error recovery of data communication, allowing two or more entities to exchange information.
3.14 CONFIDENTIALITY – The property that data, information or software is not made available or disclosed to unauthorized individuals, entities, or processes.
3.15 EXECUTABLE – A file containing instructions in binary code, which can be used by a computer to perform computational tasks.
3.16 EXPLOIT – An input or action designed to take advantage of a weakness (or multiple weaknesses) and achieve a negative technical impact.
NOTE: The existence of an exploit targeting a weakness is what makes that weakness a vulnerability.
3.17 EXTERNAL INTERFACE – An interface of the product that is designed to potentially allow access to an entity outside the product; for example user interfaces, remote interfaces, local interfaces, wireless interfaces and file inputs.
3.18 GENERATIONAL MALFORMED INPUT TESTING – A method of deriving malformed input test cases by using detailed knowledge of the syntax and semantics of the specifications of the protocol or file format being tested.
3.19 HARM – Physical injury or damage to the health of people, or damage to property or the environment.
3.20 I2C BUS – An inter-integrated circuit bus.
3.21 INTEGRITY – The assurance that data can only be altered by authorized entities.
3.22 JTAG – Joint Test Action Group (JTAG) method of connection described in IEEE 1149, Standard for Test Access Port and Boundary-Scan Architecture.
