Firewall Wizards mailing list archives

Re: Penetration testing via shrinkware


From: "John Grillo" <John.Grillo () raba com>
Date: Tue, 22 Sep 1998 09:09:04 -0400

I strongly agree. I spent five years on the project that killed the orange
book, Trusted Mach. It was a dream come true when the orange book died. Our
company spent 10 years developing the OS and when it came time to evaluate
it, we didn't have enough paperwork to justify it. Instead of learning their
lesson, the government comes out with the new criteria.





----------
From: Marcus J. Ranum <mjr () nfr net>
To: firewall-wizards () nfr net
Subject: Re: Penetration testing via shrinkware 
Date: Monday, September 21, 1998 8:40 PM

Christopher Nicholls wrote:
Have you checked out the Common Criteria model?

Yeah, it's like the orange book written by lawyers.

Clearly what happened is that the orange book specs were too
complex to implement in a timely and cost effective manner.
So the powers that be decided to implement a security
evaluation criteria model that would allow them to redefine
things so that basically anything is OK as long as you
say it's OK. Cover the problem with layers of paper. :(

mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr


