Explanation: It requires a specification of system behavior and testing against that specification to achieve different coverages.
Vulnerabilities addressed: This is a general tool for assuring implemented software performs as designed. It is not targeted at detecting specific vulnerabilities but has proven effective for assuring safety in many life-critical systems.
Developer resources required: Requires system specification at a level of detail sufficient to validate test results. The coverage criterion demands extensive testing of the software and might not be feasible for large code bases; it is appropriate for life-critical medical software.
Evaluator resources required: Requires resources to review test results (some automation should be possible to see that test and specification match) and assure fielded software is the tested software.