Full Disclosure mailing list archives
Re: Can ISO15408 evaluated products be trusted?
From: Nora Barrera <nora15408 () yahoo com>
Date: Sat, 21 May 2005 06:34:30 -0700 (PDT)
--- HHikita <h_hikita () yahoo co jp> wrote:
But you need a common vocabulary to describe security specifications.
This vocabulary should be understood by more than 100 people.
How else would you expect to archive common recognition between all those countries. :-P
Is this even possible, considering the cultural differences? I was told that "internal risk" is not taken into account in Japan. No employee would hack his own company.
the statement are understandable by its target audience (i.e. evaluators and consumers)."
How can this be evaluated? The evaluation laboratory says "Not clear, not understandable". And the guy who wrote the description answers "you are too stupid to understand it". What happens next?
So everything other than those FDP_,FCS_, FIA_, FAU_, ALC_... things, is supposed to be understandable.
_Supposed_ You said it! Discover Yahoo! Get on-the-go sports scores, stock quotes, news and more. Check it out! http://discover.yahoo.com/mobile.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Can ISO15408 evaluated products be trusted? Nora Barrera (May 18)
- Re: Can ISO15408 evaluated products be trusted? Valdis . Kletnieks (May 18)
- Re: Can ISO15408 evaluated products be trusted? Nora Barrera (May 21)
- Re: Can ISO15408 evaluated products be trusted? HHikita (May 21)
- Re: Can ISO15408 evaluated products be trusted? Valdis . Kletnieks (May 21)
- Re: Can ISO15408 evaluated products be trusted? Nora Barrera (May 21)
- Re: Can ISO15408 evaluated products be trusted? HHikita (May 18)
- <Possible follow-ups>
- Re: Can ISO15408 evaluated products be trusted? Nora Barrera (May 20)
- Re: Can ISO15408 evaluated products be trusted? HHikita (May 20)
- Re: Can ISO15408 evaluated products be trusted? Nora Barrera (May 21)
- Re: Can ISO15408 evaluated products be trusted? HHikita (May 21)
- Re: Can ISO15408 evaluated products be trusted? Valdis . Kletnieks (May 18)