lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 25 Feb 2004 17:04:14 -0600
From: David Ochel <>
Subject: [Fwd: Announcement of Common Criteria Discussion List]

Dear list members,

please allow me to forward the announcement of our new mailing list to
you. Subscriptions are welcome at


-------- Original Message --------
Subject: Announcement of Common Criteria Discussion List
Date: Wed, 25 Feb 2004 15:01:13 -0600
From: Helmut Kurth <>

Announcement of the Common Criteria Discussion List

atsec information security announces the setup of a discussion list
for aspects related to the Common Criteria and security evaluations.
The purpose of this discussion list is to promote the knowledge about
the Common Criteria as the ISO standard for IT security evaluations
and the methodology to perform such evaluations. The mailing list can
be found at, a web site providing also additional
links to other Common Criteria related information. This site can also
be reached with the URL

As with most other complex standards the Common Criteria require a
significant amount of explanation and guidance for people that are not
experts in this area and just want to learn about the benefit security
evaluations can bring them. Although some good guidance documents have
been published in the past, those documents can not answer all the
questions about security evaluations. The discussion list is intended
to address those problems and bridging the gap between evaluators /
certifiers, the developers of IT products and the users of those
products that need to rely on the security functions provided.

This discussion list is not intended to discuss specific
interpretations of the Common Criteria and the Common Evaluation
Methodology, since this is subject of the Common Criteria
Implementation and Management Board (CCIMB). It is also not intended
to discuss aspects of the different national evaluation schemes.
Instead aspects of the practical use of evaluation results and
practical aspects how the criteria and the evaluation methodology
could be enhanced in the future and embedded into the management of
security within an organization are the main intended topics of this
discussion list.

atsec information security has seen the need for such a discussion
list from various comments and questions received with respect to the
different evaluations we have performed. Especially the widely
recognized first Common Criteria evaluation of a Linux distribution
has resulted in a large number of questions but also in quite some
misinterpretations about the scope of this evaluation and type of
analysis performed. atsec employees have been actively involved in the
development of security evaluation criteria since 1987 and have
evaluation experience with products spanning the range from smart
cards to mainframe systems. We want to establish this discussion list
as a forum mainly for developers and end users to get a better
understanding of Common Criteria evaluations and the benefit they can
have with Common Criteria certified products.

Helmut Kurth
Chief Scientist and Head of the Common Criteria Evaluation Facility
atsec information security

-------- End of Forwarded Message --------

Full-Disclosure - We believe in it.

Powered by blists - more mailing lists