Account:  - Login  |  Webstore  |  Shopping basket cart
English  |  Français  |  Nederlands

Publication details

Publication CODE Title
ISO/IEC TR 20004:2012 (2012-08) INFORMATION TECHNOLOGY -- SECURITY TECHNIQUES -- REFINING SOFTWARE VULNERABILITY ANALYSIS UNDER ISO/IEC 15408 AND ISO/IEC 18045
 
Price Excl. VAT Total number of pages, tables and drawings
102.00 € 17 P..
Description
ISO/IEC TR 20004:2012 refines the AVA_VAN assurance family activities defined in ISO/IEC 18045:2008 and provides more specific guidance on the identification, selection and assessment of relevant potential vulnerabilities in order to conduct an ISO/IEC 15408 evaluation of a software target of evaluation.


ISO/IEC TR 20004:2012 leverages the Common Weakness Enumeration (CWE) and the Common Attack Pattern Enumeration and Classification (CAPEC) to support the method of scoping and implementing ISO/IEC 18045:2008(E) vulnerability analysis activities.


ISO/IEC TR 20004:2012 does not define evaluator actions for certain high assurance ISO/IEC 15408 components, where there is as yet no generally agreed guidance.
Class  C990  (IEC PUBLICATIONS IEC PUBLICATIONS)
Available files
EN version

Status
Status IEC PUBLICATION
Situation Withdrawn
Replaced by  ISO/IEC TR 20004:2015
Origin
Committee ISO/IEC JTC 1/SC 27
IT SECURITY TECHNIQUES
Approval
BEC Approval 2012-08-08
ICS-Code (International Standards Classification) 35.030
NBN Status New
IEC publication date 2012-08-08
IEC last modification date 2015-12-14