[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20050521133430.29574.qmail@web60715.mail.yahoo.com>
Date: Sat May 21 14:34:42 2005
From: nora15408 at yahoo.com (Nora Barrera)
Subject: Can ISO15408 evaluated products be trusted?
--- HHikita <h_hikita@...oo.co.jp> wrote:
> But you need a common vocabulary to describe
> security specifications.
This vocabulary should be understood by more than 100
people.
> How else would you expect to archive common
> recognition between all those countries. :-P
Is this even possible, considering the cultural
differences?
I was told that "internal risk" is not taken into
account in Japan. No employee would hack his own
company.
> the statement are understandable by its target
> audience (i.e. evaluators and consumers)."
How can this be evaluated? The evaluation laboratory
says "Not clear, not understandable". And the guy who
wrote the description answers "you are too stupid to
understand it". What happens next?
> So everything other than those FDP_,FCS_, FIA_,
> FAU_, ALC_... things,
> is supposed to be understandable.
_Supposed_
You said it!
Discover Yahoo!
Get on-the-go sports scores, stock quotes, news and more. Check it out!
http://discover.yahoo.com/mobile.html
Powered by blists - more mailing lists