Security Basics mailing list archives
RE: Sun cans Trusted Solaris, was Why Easy To Use Software Is Putting You At Risk
From: "Steven Jones" <Steven.Jones () vuw ac nz>
Date: Mon, 27 Feb 2006 09:51:44 +1300
The answer should be obvious, Most people don't want security at any cost, otherwise most people would not be running a MS OS. The answer is a balance of cost, usability and security. The service has to be affordable when looked at in TCO terms. Ie yes, risk of being hacked has to be considered as part of business risk/impact on the life cycle, but it is usully not the be all and end all. Also add in getting applications to run well on an anally retentative system can be hard work, the performance if lots of logging is done can kill i/o....so often the hardware costs more....ie bigger disks or better still a separate i/o channel for logging and 2 disks minimum....... So while there will be organisations that want these high levels of security these are so few that the economics of specialist OSes is not there.... Regards Steven -----Original Message----- From: Craig Wright [mailto:cwright () bdosyd com au] Sent: Friday, 24 February 2006 12:56 p.m. To: dave kleiman; security-basics () securityfocus com Subject: Sun cans Trusted Solaris, was Why Easy To Use Software Is Putting You At Risk Hello, Many people on the list have the idea that people want secure software at any cost. Sun have produced a very good product - Trusted solaris for a long time. I would like people to answer me (if they can) why they have decided to stop producing it. To explain why, if everyone wants secure by design software they are not willing to pay the extra cost to obtain it and thus why Sun is going to no longer support this OS. Trusted Solaris has an EAL 4+ rating, supports MAC and RBAC and has a verified architecture. Instead Sun will add ECC (elliptice curve crypto) to the existing versions of Solaris. Flames welcome, please explain why more people are not implementing a provably more secure system when it is available. Regards Craig S Wright See: http://www.infoworld.com/article/06/02/13/75309_HNendtrustedsolaris_1.ht ml Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists. DISCLAIMER The information contained in this email and any attachments is confidential. If you are not the intended recipient, you must not use or disclose the information. If you have received this email in error, please inform us promptly by reply email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. Any views expressed in this message are those of the individual sender. You may not rely on this message as advice unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by a Partner of BDO. BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, interception, corruption or unauthorised access. ------------------------------------------------------------------------ --- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Sun cans Trusted Solaris, was Why Easy To Use Software Is Putting You At Risk Craig Wright (Feb 24)
- RE: Sun cans Trusted Solaris, was Why Easy To Use Software Is Putting You At Risk Al Sutton (Feb 24)
- Re: Sun cans Trusted Solaris, was Why Easy To Use Software Is Putting You At Risk Robert Escue (Feb 27)
- <Possible follow-ups>
- RE: Sun cans Trusted Solaris, was Why Easy To Use Software Is Putting You At Risk Craig Wright (Feb 27)
- Re: Sun cans Trusted Solaris, was Why Easy To Use Software Is Putting You At Risk b . hines (Feb 27)
- RE: Sun cans Trusted Solaris, was Why Easy To Use Software Is Putting You At Risk Steven Jones (Feb 27)
- Re: RE: Sun cans Trusted Solaris, was Why Easy To Use Software Is Putting You At Risk jchambers (Feb 28)