RE: [IDS] IDS Common Criteria

["Greg van der Gaast" <greg.vandergaast () wanadoo nl>]

-----Oorspronkelijk bericht-----
Van: Randy Taylor [mailto:gnu () charm net] 
Verzonden: Wednesday, January 08, 2003 12:50 AM
Aan: Talisker; focus-ids () securityfocus com; ids () mailman vet com au
Onderwerp: Re: [IDS] IDS Common Criteria

*SNIP*

> I wouldn't be surprised to see the commercial sector adopt
> C&A processes and demand CC certs in the next year or two.


And rule out the use of just about every piece of open source software
as well as anything coming from research or small innovative companies
who don't have the millions to get the accreditations...

Fantastic plan. I'm working on a project for NATO. 100% feasible, yet
impossible to achieve using accredited products. We wasted $400,000 this
week to install some firewalls because a bureaucrat felt things would be
more secure with it. Considering he wanted the firewall on a panel with
incoming analog voice calls I don't need to explain to you why we're
shipping these systems to Afghanistan without them even being plugged
in. The boxes are in there so the bureaucrats are happy.

C&A is a curse that not only doubles costs and development time (at
least) but also basically assures that leading edge security
technologies can't be used.

My 2 cents.

Regards,

Greg van der Gaast