This is the documentation for the latest (main) development branch of Zephyr. If you are looking for the documentation of previous releases, use the drop-down menu on the left and select the desired version.

Security Document Citations


J. H. Saltzer and M. D. Schroeder, “The protection of information in computer systems,” Proceedings of the IEEE, vol. 63, no. 9, pp. 1278-1308, Sep 1975. [Online]. Available:


M. Paul, “The Ten Best Practices for Secure Software Development,” International Information Systems Security Certification Consortium, Inc. [(ISC)2®], Palm Harbor, FL, USA, 2009.


Microsoft Corporation, Security Development Lifecycle - SDL Process Guidance Version 5.2,2012.


Common Criteria for Information Technology Security Evaluation ver. 3.1 rev. 4, 2012.


Micrium, “Certification Kits,” 2016. [Online]. Available:


National Institute of Standards and Technology, FIPS PUB 140-2: Security Requirements for COMPANY PUBLIC Application note Cryptographic Modules, Gaithersburg, 2002.


Green Hills Software, “INTEGRITY-178B Separation Kernel Security Target v4.2,” 2010.


Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels”, BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997. [Online]. Available:


Microsoft Corporation, “The STRIDE Threat Model, 2009”. [Online]. Available:


Forum of Incident Response and Security Teams, “Common Vulnerability Scoring System v3.0: Specification Document”. [Online]. Available:


Open Web Application Security Project, “Application Threat Modeling”. [Online]. Available:


Core Infrastructure Initiative Best Practices Badge. [Online]. Available: