Firewall Wizards mailing list archives
Re: Penetration testing via shrinkware
From: "John Grillo" <John.Grillo () raba com>
Date: Tue, 22 Sep 1998 09:09:04 -0400
I strongly agree. I spent five years on the project that killed the orange book, Trusted mach. It was a dream come true when the orange book died. Our company spent 10 years developing the OS and when it came time to evaluate it, we didn't have enough paperwork to justify it. Instead of learning their lesson, the government comes out with the new criteria. ----------
From: Marcus J. Ranum <mjr () nfr net> To: firewall-wizards () nfr net Subject: Re: Penetration testing via shrinkware Date: Monday, September 21, 1998 8:40 PM Christopher Nicholls wrote:Have you checked out the Common Criteria model?Yeah, it's like the orange book written by lawyers. Clearly what happened is that the orange book specs were too complex to implement in a timely and cost effective manner. So the powers that be decided to implement a security evaluation criteria model that would allow them to redefine things so that basically anything is OK as long as you say it's OK. Cover the problem with layers of paper. :( mjr. -- Marcus J. Ranum, CEO, Network Flight Recorder, Inc. work - http://www.nfr.net home - http://www.clark.net/pub/mjr
Current thread:
- Re: Penetration testing via shrinkware, (continued)
- Re: Penetration testing via shrinkware Christopher Nicholls (Sep 23)
- Re: Penetration testing via shrinkware Marcus J. Ranum (Sep 23)
- Re: Penetration testing via shrinkware Ted Doty (Sep 24)
- Re: Penetration testing via shrinkware James Goldston (Sep 21)
- Re: Penetration testing via shrinkware Frederick M Avolio (Sep 21)
- encrypting modem arjo (Sep 22)
- Re: encrypting modem Leonard Miyata (Sep 23)
- Re: encrypting modem Michael Barkett (Sep 23)
- Re: encrypting modem iCefoX (Sep 23)
- Re: Re[2]: Penetration testing via shrinkware Marcus J. Ranum (Sep 23)
- Re: Penetration testing via shrinkware David Collier-Brown (Sep 24)
- Re: Re[2]: Penetration testing via shrinkware Perry E. Metzger (Sep 24)
- Re: Re[2]: Penetration testing via shrinkware Joseph S. D. Yao (Sep 24)
- Re: Penetration testing via shrinkware David Collier-Brown (Sep 24)