Firewall Wizards mailing list archives

Re[2]: Penetration testing via shrinkware


From: Richard Christie <richardc () sundown ncsc mil>
Date: Tue, 22 Sep 98 07:11:15 -0500



MJR wrote:
*BUT* it's important to understand the principles behind them
so you can steal the good ideas and then shortcut from there.
For example, instead of laborious "proofs" that your security
model makes sense, substitute a solid design document that
explains the background behind your security architecture and
why you think it's any good. Instead of laborious external
code reviews, substitute a red team internal review of the
security critical chunks of code. Instead of a Trusted Computer
Base, substitute clean documentation of which chunks are security
critical and how they interact with other chunks, as well as
decently defined permission boundaries.

In other words, steal the good ideas from the past, but don't
chain yourself to the orange book albatross.

What you're really driving at, Marcus, is developing software in a trusted manner.
Companies developing Firewall software should be evaluated by SEI for a
Capability Maturity Model (CMM) rating.  Companies that are at
level 2 or level 3 of CMM have this kind of documentation, and already have in
place peer reviews.  Also, you can use the Trusted Development Methodology (used
to be TSDM) and accomplish much of the same thing.  You're right, the Orange Book
evaluations take entirely too long, so why not evaluate the development process,
and certify a product based on that evaluation? It won't get you a bullet proof
Firewall, or bullet proof software, but what will? Surely not an orange book
evaluation.  Microsoft was given a C2 rating for Windows NT 3.1 *not* connected
to a network.  


Richard Christie, SAIC




