Excluded vulnerabilities.

  • Attacks based on “social engineering” by employees or dealers
  • Phishing attempts
  • CSP vulnerabilities; SSL/TLS best practices
  • Denial-of-service attacks on servers and websites
  • Self-XSS and other vulnerabilities only possible through Self-XSS
  • Non-reproducible vulnerabilities
  • Sabotage of mechanical vehicle parts
  • Fake/replayed CAN messages or performance of diagnosis jobs