[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?

To: Nora Barrera <nora15408@xxxxxxxxx>
Subject: Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?
From: HHikita <h_hikita@xxxxxxxxxxx>
Date: Fri, 20 May 2005 20:44:06 +0900

Nora Barrera wrote:

>Who understands this strange CC dialect? For me, a ST
>is black magic, not a security specification.
>
Functional Requirements and Assurance Requirements might seem mind
boggling at first.
But you  need a common vocabulary to describe security specifications.
How else would you expect to archive common recognition between all
those countries. :-P

Well actually,  for each section of the PP/ST there is a requirement
that says
the section must be coherent.  For example CEM says in paragraph 300

"The statement of the TOE description is coherent if the text and
structure of
the statement are understandable by its target audience (i.e. evaluators and
consumers)."

So everything other than those FDP_,FCS_, FIA_, FAU_, ALC_... things,
is supposed to be understandable.

__________________________________
Do You Yahoo!?
Upgrade Your Life
http://bb.yahoo.co.jp/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?
  - From: Nora Barrera

Prev by Date: [Full-disclosure] [SECURITY] [DSA 726-1] New oops packages fix format string vulnerability
Next by Date: [Full-disclosure] UPDATE: [ GLSA 200504-23 ] Kommander: Insecure remote script execution
Previous by thread: Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?
Next by thread: Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?
Index(es):
- Date
- Thread