UL 2900-1 2020 pdf download – Software Cybersecurity for Network- Connectable Products, Part 1: General Requirements.
3.31 PRODUCT – The network-connectable device, software or system under test. 3.32 PROTOCOL – See COMMUNICATION PROTOCOL 3.33 REMOTE INTERFACE – An external interface potentially allowing access to individuals, entities or processes regardless of geographic distance to the product. 3.34 REMOTE ACCESS – Access to the product via a remote interface. 3.35 RISK – The potential for harm or damage, measured as the combination of the likelihood of occurrence of that harm or damage and the impact of that harm or damage. 3.36 RISK ANALYSIS – The systematic use of available information to identify threats and to estimate risk. 3.37 RISK CONTROL – Any action taken or feature implemented to reduce risk. 3.38 RISK MANAGEMENT – Systematic application of management policies, procedures and practices to the tasks of analyzing, evaluating, controlling and monitoring risk. 3.39 SECURE ELEMENT – A tamper-resistant platform like a chip capable of securely hosting applications and their confidential and cryptographic data and that will prevent unauthorized access. 3.40 SECURITY – The process of having acceptable levels of confidentiality, integrity, authenticity and/or availability of product data and/or functionality through risk analysis. 3.41 SENSITIVE DATA – Sensitive data is any critical security parameter that can compromise the use and security of the product such as passwords, keys, seeds for random number generators, authentication data., personally identifiable information and any data whose disclosure could jeopardize the security properties of the product. 3.42 SOFTWARE – All pre-loaded data which creates, affects, and/or modifies the functionality of the product. This includes, but is not limited to, firmware, scripts, initialization files, pre-compiled code and interpreted code. This does not include software preloaded and programmed in an IC chip for small functions that require physical access and removal of the IC chip for reprogramming.
3.43 SOFTWARE WEAKNESS – A possible flaw in the architecture, design, coding, build process or configuration of software in the product that may render the product vulnerable to a security exploit. 3.44 SOURCE CODE – Computer instructions written in a human-readable high-level computer language, usually as text, including possible comments. 3.45 SPI – is a serial peripheral shared interface bus. 3.46 STATIC ANALYSIS – A process in which source code, bytecode or binary code is analyzed without executing the code. 3.47 TEMPLATE MALFORMED INPUT TESTING – Generates test cases by introducing anomalies into a valid message or file. Template malformed input test cases are not protocol aware and therefore will not contain items such as correct checksums and valid session IDs.