затвердження типу

Гайд користувача

Інженерія кібербезпеки електросамоката: ETSI EN 303 645 V3.2.0:2024-12 baseline (13 provisions для consumer IoT — no default password, vulnerability disclosure RFC 9116, secure update, secure storage, secure communication), ISO/SAE 21434:2021 road-vehicle cybersecurity engineering (TARA threat analysis + risk assessment), ISO/SAE 24089:2023 software update engineering, UNECE R155 CSMS (Cybersecurity Management System) обов'язковий для type-approval нових типів з 07-2022, UNECE R156 SUMS (Software Update Management System), EU Cyber Resilience Act 2024/2847 (Regulation 2024-10-23, applicability 2027-12-11 + reporting obligations 2026-09-11), NIST SP 800-193:2018 Platform Firmware Resilience Guidelines (Protection-Detection-Recovery RoT), NIST SP 800-183 IoT Networks of Things, IEC 62443-4-1/-4-2 secure product development lifecycle, Bluetooth Core 5.4 LE Secure Connections з ECDH P-256 (заміна Just Works як baseline), IEEE 802.11i WPA3-Personal SAE Dragonfly key exchange, RFC 9116 security.txt responsible-disclosure, attack surface (BLE pairing Just Works/Numeric Comparison/Passkey Entry/OOB, Bluetooth protocol attacks KNOB CVE-2019-9506 + BIAS CVE-2020-10135 + BLURtooth CVE-2020-15802 + BLESA CVE-2020-9770, firmware via JTAG/SWD/USB DFU, motor controller CAN bus, mobile app↔cloud TLS, OTA update channel signing, GPS spoofing, smart-battery BMS handshake, hardware UART debug eFuse), mitigation (LE Secure Connections ECDH P-256 + mutual TLS certificate pinning + secure boot signed bootloader + signed firmware AES-256 + anti-rollback monotonic counter + HSM/secure element ATECC608B/NXP A1006/SE050 + SBOM SPDX CycloneDX + RFC 9116 security.txt + Coordinated Vulnerability Disclosure ISO/IEC 29147:2018 + penetration testing ISTQB), incidents (Xiaomi M365 BLE anti-lock bypass 2019 Zimperium Rani Idan, Lime BLE replay attack 2019, Bird/Lime API IDOR 2020, Ninebot ES1/ES2/ES4 BLE pwd 888888 vulnerability, Tier/Voi unauthorized unlock 2022, hoverboard CVE catalogue 2018)

Інженерний deep-dive у кібербезпеку електросамоката як четверта cross-cutting infrastructure axis — паралельна до [інженерії різьбових з'єднань як joining-axis](@/guide/fastener-and-bolted-joint-engineering.md), [термоменеджменту як heat-dissipation axis](@/guide/thermal-management-engineering.md) і [EMC/EMI як interference-mitigation axis](@/guide/emc-emi-engineering.md). Покриває: 10-row standards matrix (ETSI EN 303 645 V3.2.0:2024-12 consumer IoT baseline, ISO/SAE 21434:2021 road-vehicle TARA, ISO/SAE 24089:2023 SW update engineering, UNECE R155 CSMS, UNECE R156 SUMS, EU CRA 2024/2847, NIST SP 800-193 firmware RoT, IEC 62443-4-1 secure SDLC, Bluetooth Core 5.4 LE Secure Connections, IEEE 802.11i WPA3-SAE); 7-row attack-surface matrix (BLE pairing методи + KNOB/BIAS/BLURtooth/BLESA + firmware JTAG/SWD/DFU + mobile↔cloud TLS + OTA signing + GPS spoofing + smart-battery handshake); 6-row mitigation matrix (LE Secure Connections + mutual TLS + secure boot + signed firmware + anti-rollback + HSM/SE); 6-row real-incident matrix (Xiaomi M365 2019 + Lime BLE 2019 + Bird IDOR 2020 + Ninebot pwd 888888 + Tier/Voi 2022 + hoverboard catalogue); 8-step DIY security check; 6-step DIY remediation; EU Cyber Resilience Act timeline (2024-12-10 entry into force, 2026-09-11 reporting obligations, 2027-12-11 full applicability); 16 нумерованих розділів.

20.05.2026 17 хв читання

Інженерія верифікації і валідації (V&V) електросамоката як 33-тя engineering axis: verification-validation meta-axis — IEEE 1012:2016 + ISO/IEC/IEEE 29119 + 12207:2017 + 15288:2015 + IEEE 730 + 1028 + V-Model + W-Model + Boehm 1979 + IV&V + ISO 26262-8 + DO-178C

Інженерний deep-dive у V&V (verification & validation) engineering як 33-тю engineering axis і 6-ту process meta-axis. Описує systematic methodology для answering двох question'ів Boehm 1979 — verification («Are we building the product right?» — чи будуємо продукт за правилами + специфікаціями) і validation («Are we building the right product?» — чи задовільняє продукт real-world user need) — поверх усіх інших axes. Покриває: IEEE 1012:2016 *Standard for System, Software, and Hardware Verification and Validation* (V&V life cycle процеси для systems + software + hardware; integrity levels 1-4 з risk-graduated rigor; aligned з ISO/IEC/IEEE 15288:2015 + 12207:2017); ISO/IEC/IEEE 29119 family — пʼятичастинний testing-standard (Part 1:2022 concepts/definitions; Part 2:2021 test processes; Part 3:2021 test documentation замість IEEE 829-2008; Part 4:2021 test techniques; Part 5:2024 keyword-driven testing); ISO/IEC/IEEE 12207:2017 software life cycle V&V; ISO/IEC/IEEE 15288:2015 system life cycle V&V; IEEE 730:2014 SQA Plan; IEEE 1028:2008 software reviews + audits з 5 типами (management, technical, inspection, walk-through, audit) + Fagan inspection IBM 1976 origin; V-Model (Forsberg-Mooz 1991 + Boehm refinement; left-side requirements/design + right-side V&V mirror); W-Model (extension з V&V activities у parallel з development); Boehm 1979 verification-vs-validation seminal distinction; IV&V (Independent V&V) per IEEE 1012 з 3 independencies (technical + managerial + financial); test coverage criteria (statement, branch, decision, MC/DC, path); mutation testing DeMillo-Lipton-Sayward 1978; ISO 26262-8:2018 clause 9 verification of safety requirements + clause 10 software verification; DO-178C software considerations in airborne systems з 5 software levels A-E; traceability matrix RTM requirements → design → code → tests; risk-based testing ISO/IEC/IEEE 29119-2:2021 cross-link до risk-management EV; defect taxonomies; TMMi 5 levels. 32-row cross-axis matrix мапить V&V concept до кожної з 32 попередніх engineering axes (battery cycling chamber test + brake dyno + motor torque-loop verification + tire UNECE R75 validation + EMC chamber + IP-spray chamber + cybersecurity pen-test + functional-safety HiL); 8-step DIY owner V&V «tells» checklist (test reports availability + certification body + independent test lab marks + manufacturer field-issue track-record + traceability between datasheet specs and actual measurements).

20.05.2026 15 хв читання