Security Testing Guidelines for Media Companies & Media System Vendors

EBU R 160 S1

This is Supplement 1 to EBU R160 version 2.0 (September 2023).

It provides guidelines for performing vulnerability assessments of broadcast equipment (the Device under Test, DuT).

It outlines:

  • Basic tests (mostly automated) that should be performed for every DuT to ensure a minimal security baseline.
  • Advanced tests for in-depth and manual analysis of possible vulnerabilities. They should be performed if the DuT's Threat-and-Risk Assessment shows higher risk and/or the DuT is business-critical, subject to available resources.

Vulnerability scanning and penetration testing are addressed in this supplement, and a number of tools (programs and procedures) that might be appropriate to these sorts of testing are mentioned.




The use of the software and guidelines described in this supplement to R160 for attacking target systems without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws.

The authors assume no liability and are not responsible for any misuse or damage caused by following the guidelines or using the software described in this document.

The tools listed in this document are examples of available tools. The EBU does not endorse any of the vendors or scanning tools by listing them in this document.

Described tests and methods may not uncover all vulnerabilities that are present.


Note that this Supplement may be updated from time to time as experience and feedback are received from EBU Members.


Keywords: Cybersecurity, Media Systems, Vulnerability, Vendor, Vulnerabilities, CVE, CVSS, CAN, Security Testing, Ethical Hacking.