FAQ
16 questions, answered.
Each FAQ page has a QAPage schema, a short answer at the top, and a longer explanation below. Optimized for AI-search citation and human readability.
-
Do we need MLPS readiness if our SaaS has no Chinese users?
Generally no, but the assumption "we serve no Chinese users" is more fragile than it looks. The MLPS framework triggers based on where systems are operated and what data they process — not on customer geography alone. If your SaaS is hosted in mainland China (Aliyun, Tencent Cloud, etc.), it is subject to MLPS regardless of customer location. If your SaaS is hosted overseas but stores or processes data from Chinese users, you may still trigger PIPL cross-border requirements, which functionally require a China-side compliance posture.
-
Should we do TARA before ECU pentest?
Yes, if you have the time and the system is non-trivial. TARA (Threat Analysis & Risk Assessment) per ISO/SAE 21434 surfaces architectural issues that ECU-level penetration testing alone cannot find, and it shapes the testing scope so that engineering time goes into the highest-risk paths first. For a single ECU in a known threat model, TARA can be lightweight; for a multi-ECU subsystem with novel attack surface, it pays for itself many times over.
-
ROS1 vs ROS2 — security differences
ROS1 was designed with zero security primitives — communication is plaintext, there is no authentication, and any node on the network can publish or subscribe to anything. ROS2, built on DDS, has a security framework called SROS2 that provides authentication, encryption, and access control. But SROS2 is opt-in, and many production ROS2 deployments do not enable it — in which case ROS2 has essentially the same security posture as ROS1, just on a different transport.
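The opt-in problem described above can be checked mechanically before a robot ships. The following is an added example, not code from the original FAQ or from the ROS project: a Python audit that reads the SROS2 environment variables a node is launched with (ROS_SECURITY_ENABLE, ROS_SECURITY_STRATEGY, ROS_SECURITY_KEYSTORE), checks an enclave directory listing against the file set the sros2 keystore layout expects, and parses a DDS Security governance document for settings that quietly fall back to a ROS1-like trust model. The environments, governance documents and keystore path are constructed samples, not taken from any real deployment.

```python
"""Audit an SROS2 posture: launch environment, enclave files, governance XML.
Added example (not from the original FAQ or the ROS project). Variable names
and keystore layout follow the SROS2 documentation; all inputs are constructed.
"""
import xml.etree.ElementTree as ET

# Files the sros2 keystore layout places in <keystore>/enclaves/<enclave>/.
ENCLAVE_FILES = ("cert.pem", "key.pem", "governance.p7s", "permissions.p7s",
                 "identity_ca.cert.pem", "permissions_ca.cert.pem")

def audit_env(env):
    """Findings for the SROS2-relevant environment a node is launched with."""
    findings = []
    if env.get("ROS_SECURITY_ENABLE", "false").strip().lower() != "true":
        # DDS Security plugins are never loaded: plaintext, unauthenticated
        # traffic, i.e. the same posture as ROS1 on a different transport.
        findings.append("ROS_SECURITY_ENABLE is not 'true': DDS Security is off, "
                        "traffic is plaintext and unauthenticated (ROS1-equivalent)")
        return findings
    # Anything other than 'Enforce' behaves as Permissive: a node whose enclave
    # files are missing or unreadable starts *without* security instead of failing.
    if env.get("ROS_SECURITY_STRATEGY", "Permissive").strip() != "Enforce":
        findings.append("ROS_SECURITY_STRATEGY is not 'Enforce': nodes with missing "
                        "enclave files silently start unsecured")
    if not env.get("ROS_SECURITY_KEYSTORE", "").strip():
        findings.append("ROS_SECURITY_KEYSTORE is unset: no enclave material can be found")
    return findings

def audit_enclave(present_files):
    """Enclave files missing from a directory listing (file names only)."""
    present = set(present_files)
    return [name for name in ENCLAVE_FILES if name not in present]

def _text(node, tag):
    """Stripped, lower-cased text of a child element, '' if absent."""
    return (node.findtext(tag) or "").strip().lower()

def audit_governance(xml_text):
    """Findings for a DDS Security governance document (the XML that gets
    signed into governance.p7s). Flags settings that reopen ROS1-style access."""
    findings = []
    root = ET.fromstring(xml_text)
    for rule in root.iter("domain_rule"):
        if _text(rule, "allow_unauthenticated_participants") == "true":
            findings.append("allow_unauthenticated_participants=true: unauthenticated "
                            "participants may join the domain (ROS1 trust model)")
        if _text(rule, "enable_join_access_control") != "true":
            findings.append("enable_join_access_control is not true: authenticated "
                            "participants are not checked against permissions on join")
        for tag in ("discovery_protection_kind", "liveliness_protection_kind",
                    "rtps_protection_kind"):
            if _text(rule, tag) == "none":
                findings.append(f"{tag}=NONE: that traffic is neither signed nor encrypted")
        for topic in rule.iter("topic_rule"):
            expr = _text(topic, "topic_expression")
            if _text(topic, "data_protection_kind") == "none":
                findings.append(f"topic_rule {expr}: data_protection_kind=NONE, "
                                "payloads travel in plaintext")
            for tag in ("enable_read_access_control", "enable_write_access_control"):
                if _text(topic, tag) != "true":
                    findings.append(f"topic_rule {expr}: {tag} is not true, any "
                                    "participant may publish or subscribe")
    return findings

def governance_xml(allow_unauth, join_acl, domain_kind, topic_kind, topic_acl):
    """Constructed governance document exposing the knobs an auditor cares about."""
    return f"""<dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:noNamespaceSchemaLocation="omg_shared_ca_governance.xsd">
  <domain_access_rules><domain_rule>
    <domains><id>0</id></domains>
    <allow_unauthenticated_participants>{allow_unauth}</allow_unauthenticated_participants>
    <enable_join_access_control>{join_acl}</enable_join_access_control>
    <discovery_protection_kind>{domain_kind}</discovery_protection_kind>
    <liveliness_protection_kind>{domain_kind}</liveliness_protection_kind>
    <rtps_protection_kind>{domain_kind}</rtps_protection_kind>
    <topic_access_rules><topic_rule>
      <topic_expression>*</topic_expression>
      <enable_read_access_control>{topic_acl}</enable_read_access_control>
      <enable_write_access_control>{topic_acl}</enable_write_access_control>
      <metadata_protection_kind>{topic_kind}</metadata_protection_kind>
      <data_protection_kind>{topic_kind}</data_protection_kind>
    </topic_rule></topic_access_rules>
  </domain_rule></domain_access_rules>
</dds>"""

# Constructed sample inputs; the keystore path is a placeholder.
ENV_ROS1_LIKE = {"ROS_DOMAIN_ID": "0"}
ENV_PERMISSIVE = {"ROS_SECURITY_ENABLE": "true", "ROS_SECURITY_STRATEGY": "Permissive",
                  "ROS_SECURITY_KEYSTORE": "/opt/ros_keystore"}
ENV_HARDENED = {"ROS_SECURITY_ENABLE": "true", "ROS_SECURITY_STRATEGY": "Enforce",
                "ROS_SECURITY_KEYSTORE": "/opt/ros_keystore"}
GOVERNANCE_WEAK = governance_xml("true", "false", "NONE", "NONE", "false")
GOVERNANCE_HARDENED = governance_xml("false", "true", "ENCRYPT", "ENCRYPT", "true")

if __name__ == "__main__":
    for label, env in (("ros1-like", ENV_ROS1_LIKE), ("permissive", ENV_PERMISSIVE),
                       ("hardened", ENV_HARDENED)):
        print(label, audit_env(env) or ["ok"])
    print("enclave missing:", audit_enclave({"cert.pem", "key.pem"}))
    for label, gov in (("weak", GOVERNANCE_WEAK), ("hardened", GOVERNANCE_HARDENED)):
        print(label, audit_governance(gov) or ["ok"])
```

The three checks correspond to the three ways a "secured" ROS2 fleet ends up with ROS1's posture: security never enabled, the Permissive strategy letting nodes with broken enclaves start unsecured, or a governance document that disables authentication or protection on the wire. In a deployment the environment would come from the launch context (for example `os.environ`) and the enclave listing from `os.listdir` on the keystore, both of which this example replaces with constructed values.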
-
What's the difference between LLM red teaming and prompt injection testing?
LLM red teaming is the broad discipline — end-to-end adversarial probing of an AI system covering the model, retrieval layer, agentic orchestration, output handling, and downstream actions. Prompt injection is one technique within that. A red-team engagement uses prompt injection alongside jailbreaking, model extraction, data leakage probing, tool-misuse attacks, multi-turn context manipulation, and agent-coordination attacks.
-
ISO 21434 readiness vs certification
ISO/SAE 21434 itself is a process standard — it defines what activities your cybersecurity engineering process must perform, not a binary pass/fail certification. "Certification" against ISO/SAE 21434 typically refers to one of two things: a third-party assessment confirming your process complies (most common in automotive supply chains), or compliance with UN-R 155, which is a regulation that mandates CSMS (Cybersecurity Management System) and references ISO/SAE 21434 as the recommended implementation. Most buyers who say "we need ISO 21434 certification" are talking about UN-R 155 type approval, which is a regulatory requirement, not the optional ISO certification process.
-
What's the difference between UN-R 155 and ISO/SAE 21434 — do I need both?
No. UN-R 155 is a regulation; ISO/SAE 21434 is a standard. UN-R 155 mandates the *outcome* (a Cybersecurity Management System must exist and operate); ISO/SAE 21434 specifies *how* to implement it. In practice manufacturers comply with UN-R 155 by implementing ISO/SAE 21434, but the two are distinct artifacts and you can fail at one while passing the other.
-
Will you exploit CAN bus during a pentest, or only document the path?
It depends on the engagement target and the safety-of-life implications. On bench rigs with separated safety-critical actuators we exploit fully. On instrumented test vehicles we exploit with documented safety controls. On production vehicles we typically stop at proof-of-access and document the exploitation path rather than execute commands that could affect driver safety.
-
Does PIPL apply if my product never touches mainland-China users but my Chinese subsidiary processes their data?
Yes, with caveats. PIPL applies extraterritorially when (1) the purpose of processing is to offer products or services to individuals located in mainland China, (2) the processing is for the purpose of analyzing or evaluating their behavior, or (3) the law explicitly requires it. If your Chinese subsidiary processes PRC-resident personal information for any of those purposes, PIPL obligations attach regardless of where the parent company sits. The harder questions involve cross-border data flows between the subsidiary and the parent, which trigger separate CAC review processes.
-
How does the OWASP LLM Top 10 relate to the NIST AI RMF — do I need both?
They are complementary. The OWASP LLM Top 10 is a tactical risk catalog organized by attack pattern, useful for engineering teams making implementation decisions. The NIST AI RMF is a strategic governance framework organized by lifecycle and risk-management function, useful for executive sponsors, audit teams, and procurement. Mature LLM security programs use both — OWASP for technical work-products, NIST for governance evidence.
-
Will you attempt secure-boot bypass during a hardware engagement, and what evidence do you provide?
Yes, when secure-boot integrity is in the engagement scope. We follow a documented escalation from non-invasive techniques (firmware extraction via debug interfaces, boot-flow observation) to semi-invasive ones (chip decapsulation, fault injection) only when the scope requires it and the client has approved the destructive cost. Evidence includes the exploitation path, a reproduction guide, and an architectural-remediation recommendation that distinguishes immediate workarounds from long-term fixes that require a hardware revision.
-
When you assess an OBD-II dongle, what's in scope — the dongle, the cellular path, or the vehicle network behind it?
By default, all three. An OBD-II dongle creates a security boundary that touches three attack surfaces: the dongle's firmware and local interfaces (Bluetooth, USB), the cellular or wireless path to the dongle's backend (LTE, 5G, Wi-Fi, manufacturer cloud), and the vehicle network behind the OBD-II connector. We typically scope all three because exploitation of any single surface usually leverages the others, and the client's security posture depends on the complete chain.
-
How granular does a TARA need to be — per-ECU, per-feature, or per-domain?
Granular enough that each asset has a stable owner, a defined trust boundary, and a small enough damage-scenario list that the assessor can defend each entry — typically 5-20 assets per ECU class, not hundreds.
-
Will you extract firmware via chip-off if the device has no exposed debug interface?
Yes, when the engagement scope includes hardware-level analysis, the client supplies sacrificial samples, and the chip-off path is the right call against the threat model — not as a default. Chip-off is destructive; we agree on it as a scoping decision, not as a unilateral testing decision.
-
What's the difference between PIPL cross-border consent and CAC security assessment?
PIPL separate consent is a per-individual data-subject mechanism that every cross-border transfer needs in some form. The CAC security assessment is a regulatory-approval mechanism that only certain transfers need, based on data category and volume. They operate at different layers, and one does not replace the other.
-
How does retainer hour banking work — can unused hours roll over?
Retainer hours bank within a 90-day rolling window: unused hours from a given month carry into the next two months, then expire. Hours do not accumulate indefinitely. This keeps the retainer in a true ongoing-engagement frame rather than a stored prepayment.
-
Do we need an NDA before discussing scope with you?
We default to working under a mutual NDA from the first scoping call. If your team has a standard NDA template, we sign yours. If you don't have one, we provide our standard mutual NDA. There is no charge for scoping discussions or for the NDA review.