BS PD ISO/IEC TR 20004:2015

BS PD ISO/IEC TR 20004:2015 refines the AVA_VAN assurance family activities defined in ISO/IEC 18045 andprovides more specific guidance on the identification, selection and assessment of relevant potentialvulnerabilities in order to conduct an ISO/IEC 15408 evaluation of a software target of evaluation. ThisTechnical Report leverages publicly available information security resources to support the methodof scoping and implementing ISO/IEC 18045 vulnerability analysis activities. The Technical Reportcurrently uses the common weakness enumeration (CWE) and the common attack pattern enumerationand classification (CAPEC), but does not preclude the use of any other appropriate resources.Furthermore, this Technical Report is not meant to address all possible vulnerability analysis methods,including those that fall outside the scope of the activities outlined in ISO/IEC 18045.This Technical Report does not define evaluator actions for certain high assurance ISO/IEC 15408components, where there is as yet no generally agreed guidance.Cross References:ISO/IEC 15408-1ISO/IEC 15408-2ISO/IEC 15408-3ISO/IEC 18045ISO/IEC 15026-2