The class addresses the existence of exploitable covert channels, the possibility of misuse or incorrect configuration of the TOE, the possibility to defeat probabilistic or permutational mechanisms, and the possibility of exploitable vulnerabilities introduced in the development or the operation of the TOE.
Figure 14.1 shows the families within this class, and the hierarchy of components within the families.
Figure 14.1 -Vulnerability assessment class decomposition