Impact of the Adoption of Cloud Services for Code Review on ALC_DVS and Attack Potential (A22c)
Tools for code review are commonly used to allow developers to identify bugs and bad programming habits. They are often provided as a service through a third-party cloud infrastructure, posing challenges to the protection of confidentiality and integrity. The impact on CC evaluations with assurance EAL3 or higher is assessed, with particular reference to ALC_DVS and AVA_VAN families.
Additional not speaking co-authors: Gaetano Cavarretta, Tiziano Inzerilli, Mirko Malacario, Massimiliano Orazi, Samuela Persia