Penetration Testing mailing list archives
RE: common criteria draft
From: "Brewis, Mark" <mark.brewis () eds com>
Date: Tue, 7 Jan 2003 12:57:59 -0000
The Common Methodology for Information Technology Security Evaluation, Vulnerability Analysis and Penetration Testing document is a draft of Common Criteria Method for formal Evaluation. I don't know how many people reading the lists have any involvement in formal Evaluation, but I doubt it is very many. This isn't really Penetration Testing as the majority of people on these lists understand it. Unless someone works for an Evaluation Facility, then they aren't likely to have come across this or have the background knowledge to put the document into context. There is some good stuff in there if you need to develop a formal method for Penetration Testing, but it isn't an easy read. This entire process is still under review, and probably won't be finalised until late 2003/early 2004. EDS CLEF are involved in reviewing this process as an Evaluation Facility (although I do not have any involvement in that process.), as are the other Evaluation Facilities. Hope this helps, Mark Mark Brewis Security Consultant EDS EDS CLEF Information Assurance Group Wavendon Tower Milton Keynes Buckinghamshire MK17 8LX. -----Original Message----- From: Fernando Martins [mailto:fernando.martins () esoterica pt] Sent: Monday, January 06, 2003 11:02 PM To: pen-test () securityfocus com; isecom-discuss () lists sourceforge net Subject: common criteria draft I just stumble here ... http://www.commoncriteria.org/review_docs/index.html#avav068 funny that I never saw postings about this here FM ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- common criteria draft Fernando Martins (Jan 06)
- <Possible follow-ups>
- RE: common criteria draft Brewis, Mark (Jan 07)
- RE: common criteria draft Aleksander P. Czarnowski (Jan 08)
- New security testing tool kyle (Jan 11)
- RE: common criteria draft Brewis, Mark (Jan 10)