Re: Some recent articles

[robert () dyadsecurity com]

Dave Aitel(dave () immunitysec com)@Fri, Apr 01, 2005 at 02:29:49PM -0500:
> Basically, the cost of ownership of Windows (despite all their recent
> work) is so high that people should really only use it as a platform
> if security is not a concern, is what the government is trying to say.

This mindset of eliminating the perception of insecurity while not
actually fixing the problem is pervasive.

Market pressure is an interesting thing to watch.  I think the market is
warming up to the idea of having product vendors specify what security
mechanisms are built in, what level of assurance to place in the
security mechanisms, tests to validate that the security mechanisms are
performing correctly, and documentation on how to use the product on
networks where there may be directed malice.  Not surprisingly, those
basic needs have not changed much since the 80's when the Orange book
(http://www.radium.ncsc.mil/tpep/library/rainbow/5200.28-STD.pdf) came
out.

As people grow tired of constantly being compromised, I predict a
growing popularity for standards like Common Criteria
(http://www.commoncriteriaportal.org/).

Robert

-- 
Robert E. Lee
CEO, Dyad Security, Inc.
W - http://www.dyadsecurity.com
E - robert () dyadsecurity com
M - (949) 394-2033
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave