Reconciling Security Vulnerabilities within the Common Criteria (M20a)
Maintaining the security of your product is crucial for every company, and a predominant part of that is the response to security vulnerabilities. With new engineering trends such as Agile principles, cloud computing and other connected items, which maximize the surface of potential attacks, it is essential to have an effective and harmonized answer to vulnerabilities. Common Criteria addresses the response with the ALC_FLR assurance family, but the maintenance of the certification depends on the certification scheme. In this presentation, we will review the different requirements from the CC and analyze the big picture of assurance continuity in the different certification schemes. Then, by looking at other security certification schemes, we will analyze the need for an efficient and harmonized process and propose a common approach to respond to that need.