Open Source and information security mailing list archives
 
Date: Sat May 21 14:34:42 2005
From: nora15408 at yahoo.com (Nora Barrera)
Subject: Can ISO15408 evaluated products be trusted?

--- HHikita <h_hikita@...oo.co.jp> wrote:
> But you need a common vocabulary to describe
> security specifications.

This vocabulary should be understood by more than 100
people.

> How else would you expect to achieve common
> recognition between all those countries. :-P

Is this even possible, considering the cultural
differences?
I was told that "internal risk" is not taken into
account in Japan. No employee would hack his own
company.

> the statement are understandable by its target
> audience (i.e. evaluators and consumers)."

How can this be evaluated? The evaluation laboratory
says "Not clear, not understandable". And the guy who
wrote the description answers "you are too stupid to
understand it". What happens next?

> So everything other than those FDP_, FCS_, FIA_,
> FAU_, ALC_... things,
> is supposed to be understandable.

_Supposed_
You said it!



		