| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 26 Aug 2006 07:49:48 -0400
From: "Clement Dupuis" <cdupuis@...ure.org>
To: "'Nguyen Pham'" <nguyen.petronius@...il.com>, <pen-test@...urityfocus.com>,
<full-disclosure@...ts.grok.org.uk>
Cc:
Subject: RE: CC evaluation
Obviously this is a paragraph extracted out of context from some documents.
By itself it is totally wrong but it might make sense if we have access to
the whole document.
Depending on the EAL level being sought you might not even look at the
design process or development process at all. Only the higher level would
require this.
Can you tell us where the paragraph was extracted from?
Take care
Clement
_____
From: Nguyen Pham [mailto:nguyen.petronius@...il.com]
Sent: Saturday, August 26, 2006 6:32 AM
To: pen-test@...urityfocus.com; full-disclosure@...ts.grok.org.uk
Subject: [Full-disclosure] CC evaluation
Hi all,
Could you please give your comments on the following point:
"CC is an evaluation of design methods, not an evaluation of security
functionality. It is the system development process that is being evaluated,
not the system itself. This means that the given EAL only states whether a
larger enough pile of paperwork over the design process exists or not. The
correctness and importance of those papers doase not even have to be
verified and examined".
Thanks for your helps,
Nguyen Pham.
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists