---
tags: review, wp2, deliverable
title: Review meeting comments
---
# General comment
## Request
WP2 – “Guidelines and Procedures for System and Software Security and Legacy Compliance”: the activity is related to the definition of security and privacy metrics and the development of different tools, including validation of GDPR compliance. The outcome of the WP is reflected in D2.1, which provides a detailed analysis of the state of the art; however, the tools to be used in SIFIS-HOME are not clearly stated. In D2.2 the proposed API labelling system is rather innovative and will allow developers to transparently manage security and privacy; however, a link with the requirements is missing. D2.6 provides a review of GDPR application, but there are no concrete measures for SIFIS-HOME.
## Questions
1. Tools are going to be described in deliverable 2.3. @Luni-4 is going to write about `rust-code-analysis`, `sifis-generate`, `complex-code-spotter`, and, if it is ready before the deadline, also `weighted-code-coverage`, in addition to some notes about `grcov`. @dodomorandi and @lu-zero, do you have to write something about WoT inside D2.3, i.e. the tools you are creating right now?
2. What is the *link to requirements* for security and privacy requested by reviewers?
3. What are *concrete measures* to SIFIS-HOME for D2.6?
# 2.1 comment
1. Until page 19 privacy and security metrics are not addressed
2. The deliverable is a SotA – the description indicates: “Technical report documenting security and privacy metrics to be used for assessing IoT software.” But this is not explicitly addressed in the deliverable
3. In several places they say “quality” but it is not included in the DoA or description of the deliverable.
4. The deliverable shows a generic picture of the state of the art. But conclusions concerning what specific metric/tools will be used in SIFIS-HOME are missing.
## Analysis per points
1. Accept the comment and smile
2. Accept the comment and smile
3. Accept the comment and smile
4. Described in deliverable 2.3
# 2.2 comment
1. Labelling system is relevant
2. Traffic light system requires further explanation
## Analysis per points
1. This is great!
2. Described in deliverable 2.3 using the video created by @marco-rasori for the review meeting, so we are going to explain in a practical way how the traffic light system works
# 2.6 comment
1. Overlap with D2.2; some figures are similar
2. Until section 6 there is no direct application of GDPR to SIFIS-HOME
3. ETSI methodology for GDPR has to be contemplated
## Analysis per points