Message-ID: <d3e0607e0608260509wd4ea766rbc5736371eefa080@mail.gmail.com>
Date: Sat, 26 Aug 2006 14:09:25 +0200
From: "Nguyen Pham" <nguyen.petronius@...il.com>
To: "Clement Dupuis" <cdupuis@...ure.org>
Cc: full-disclosure@...ts.grok.org.uk, pen-test@...urityfocus.com
Subject: Re: CC evaluation

Sorry for missing this.

This text is found in the report "Evaluation of the Security of Components in
Distributed Information Systems", p20 (http://www2.foi.se/rapp/foir1042.pdf)

Best,
Nguyen Pham.

On 8/26/06, Clement Dupuis <cdupuis@...ure.org> wrote:
>
> Obviously this is a paragraph extracted out of context from some
> documents.
>
> By itself it is totally wrong but it might make sense if we have access to
> the whole document.
>
> Depending on the EAL level being sought you might not even look at the
> design process or development process at all.  Only the higher level would
> require this.
>
> Can you tell us where the paragraph was extracted from?
>
> Take care
>
> Clement
>
>  ------------------------------
>
> *From:* Nguyen Pham [mailto:nguyen.petronius@...il.com]
> *Sent:* Saturday, August 26, 2006 6:32 AM
> *To:* pen-test@...urityfocus.com; full-disclosure@...ts.grok.org.uk
> *Subject:* [Full-disclosure] CC evaluation
>
>
>
> Hi all,
>
> Could you please give your comments on the following point:
>
> "CC is an evaluation of design methods, not an evaluation of security
> functionality. It is the system development process that is being evaluated,
> not the system itself. This means that the given EAL only states whether a
> large enough pile of paperwork over the design process exists or not. The
> correctness and importance of those papers does not even have to be
> verified and examined".
>
> Thanks for your help,
> Nguyen Pham.
>
