[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?

To: HHikita <h_hikita@xxxxxxxxxxx>
Subject: Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?
From: Nora Barrera <nora15408@xxxxxxxxx>
Date: Sat, 21 May 2005 06:34:30 -0700 (PDT)

--- HHikita <h_hikita@xxxxxxxxxxx> wrote:
> But you  need a common vocabulary to describe
> security specifications.

This vocabulary should be understood by more than 100
people.

> How else would you expect to archive common
> recognition between all those countries. :-P

Is this even possible, considering the cultural
differences?
I was told that "internal risk" is not taken into
account in Japan. No employee would hack his own
company.

> the statement are understandable by its target
> audience (i.e. evaluators and consumers)."

How can this be evaluated? The evaluation laboratory
says "Not clear, not understandable". And the guy who
wrote the description answers "you are too stupid to
understand it". What happens next?

> So everything other than those FDP_,FCS_, FIA_,
> FAU_, ALC_... things,
> is supposed to be understandable.

_Supposed_
You said it!

Discover Yahoo! 
Get on-the-go sports scores, stock quotes, news and more. Check it out! 
http://discover.yahoo.com/mobile.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?
  - From: HHikita

Prev by Date: Re: [Full-disclosure] COX Internet Outage
Next by Date: Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?
Previous by thread: Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?
Next by thread: Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?
Index(es):
- Date
- Thread