Open Source and information security mailing list archives
 
Date: Fri May 20 12:44:31 2005
From: h_hikita at yahoo.co.jp (HHikita)
Subject: Can ISO15408 evaluated products be trusted?

Nora Barrera wrote:

>Who understands this strange CC dialect? For me, a ST
>is black magic, not a security specification.
>
Functional Requirements and Assurance Requirements might seem
mind-boggling at first.
But you need a common vocabulary to describe security specifications.
How else would you expect to achieve common recognition between all
those countries? :-P

Well actually, for each section of the PP/ST there is a requirement
that says the section must be coherent. For example, CEM says in
paragraph 300:

"The statement of the TOE description is coherent if the text and
structure of the statement are understandable by its target audience
(i.e. evaluators and consumers)."

So everything other than those FDP_, FCS_, FIA_, FAU_, ALC_... things
is supposed to be understandable.

