Full Disclosure mailing list archives
Re: Can ISO15408 evaluated products be trusted?
From: Nora Barrera <nora15408 () yahoo com>
Date: Sat, 21 May 2005 06:36:29 -0700 (PDT)
--- Valdis.Kletnieks () vt edu wrote:
Ask the vendor for a copy of the evaluation report.
But those reports do not contain any valuable information for me. What kind of tests were done? How? It looks like security by obscurity.
Note that the EAL and PP interact - a CAPP (Controlled Access) evaluated at EAL4 may actually provide less *real* protection than an LSPP (Labeled System) evaluated to EAL3 - the EAL4 just means they've done more work to prove the *provided* security works as
advertised. What's the use of security functions if they can be circumvented? Yahoo! Mail Stay connected, organized, and protected. Take the tour: http://tour.mail.yahoo.com/mailtour.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Can ISO15408 evaluated products be trusted? Nora Barrera (May 18)
- Re: Can ISO15408 evaluated products be trusted? Valdis . Kletnieks (May 18)
- Re: Can ISO15408 evaluated products be trusted? Nora Barrera (May 21)
- Re: Can ISO15408 evaluated products be trusted? HHikita (May 21)
- Re: Can ISO15408 evaluated products be trusted? Valdis . Kletnieks (May 21)
- Re: Can ISO15408 evaluated products be trusted? Nora Barrera (May 21)
- Re: Can ISO15408 evaluated products be trusted? HHikita (May 18)
- <Possible follow-ups>
- Re: Can ISO15408 evaluated products be trusted? Nora Barrera (May 20)
- Re: Can ISO15408 evaluated products be trusted? HHikita (May 20)
- Re: Can ISO15408 evaluated products be trusted? Nora Barrera (May 21)
- Re: Can ISO15408 evaluated products be trusted? HHikita (May 21)
- Re: Can ISO15408 evaluated products be trusted? Valdis . Kletnieks (May 18)