[trustable-software] Code of Practice on IoT: UK Government Report
trustable at panic.fluff.org
Fri May 25 14:32:41 BST 2018
I wonder how many people have read the "Secure by Design Report"
https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/686089/Secure_by_Design_Report_.pdf
Co
It has a 13 point code
1) No default passwords
2) Implement a vulnerability disclosure policy
3) Keep software updated
4) Securely store credentials and security-sensitive data
5) Communicate securely
6) Minimise exposed attack surfaces
7) Ensure software integrity
8) Ensure that personal data is protected
9) Make systems resilient to outages
10) Monitor system telemetry data
11) Make it easy for consumers to delete personal data
12) Make installation and maintenance of devices easy
13) Validate input data
How could they relate to what we are doing with Trustable?
We've talked about development and declarative instantiation and
behaviour, which sort of fits the integrity of the software. I wondered
what we might bring to the attention of the need to have software updated
and maintained.
Edmund
--
========================================================================
Edmund J. Sutcliffe Thoughtful Solutions; Creatively
<edmunds at panic.fluff.org> Implemented and Communicated
<http://panic.fluff.org> +44 (0) 7976 938841