7.2 Software vendors must establish a process for timely development and deployment of security patches and upgrades, which includes delivery of updates and patches in a secure manner with a known chain-of-trust, and maintenance of the integrity of patch and update code during delivery and deployment.
7.2.a Obtain and examine processes to develop and deploy security patches and upgrades for software. Verify the processes include:
- Timely development and deployment of patches to customers
- Delivery of patches and updates in a secure manner with a known chain-of-trust
- Delivery of patches and updates in a manner that maintains the integrity of the deliverable
- Integrity testing of the patch or update by the target system prior to installation
7.2.b To verify that the integrity of patch and update code is maintained, run the update process with arbitrary code and determine that the system will not allow the update to occur.