Not all discussions are / have been minuted but this is a page that is available to keep some public notes.
Minutes September 05, 2019'19, 2019
Participants:
- Erika Anden
- Dirk Leopold (Itemis)
- Till Fischer (Itemis)
- Bevan Watkiss (Irdeto)
- Gunnar Andersson (GENIVI)
- Philippe Robin (GENIVI)
- Steve Crumb
- Ziv Levi (Arilou) (was not introduced. Participated part of the time)
Minutes
Dirk: I think the primary motivation for participating (in the Security Evaluation Framework project) is that the ISO/SAE 21434 will basically make it mandatory.
...Is it truly mandatory?
Erika: To my understanding it is at first optional to follow this, but over time this might change.
Dirk: Yes, I think it becomes a kind of expected behavior. If some companies do this analysis, others will be expected to also do it (to be protected in case of a problem). Also, (things like this) tends to enter the value chain, so OEMs require it from suppliers, etc.
There is a flowchart from 21434 that is very useful and roughly the basis. The ISO spec content should not be reproduced to parties that have not licensed a copy of it. The flow chart is useful for discussion but should be avoided for a future publication of the (sub)project charter.
We worked to improve the draft charter/description of this subproject (limited access to active group participants for the moment). Results are shown on the page.
Minutes September 05, 2019
Participants:
- Bastien Kruck (Itemis)
- Mike Nunnery
- Bevan Watkiss (Irdeto)
- Bastian Kruck (Itemis)
- Till Fischer (Itemis)
- Gunnar Andersson (GENIVI)
- Philippe Robin (GENIVI)
- Steve Crumb (part time)
...