[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <d3e0607e0608260509wd4ea766rbc5736371eefa080@mail.gmail.com>
Date: Sat, 26 Aug 2006 14:09:25 +0200
From: "Nguyen Pham" <nguyen.petronius@...il.com>
To: "Clement Dupuis" <cdupuis@...ure.org>
Cc: full-disclosure@...ts.grok.org.uk, pen-test@...urityfocus.com
Subject: Re: CC evaluation
Sorry for this missing.
This text found on this report "Evaluation of the Security of Components in
Distributed Information Systems", p20 (http://www2.foi.se/rapp/foir1042.pdf)
Best,
Nguyen Pham.
On 8/26/06, Clement Dupuis <cdupuis@...ure.org> wrote:
>
> Obviously this is a paragraph extracted out of context from some
> documents.
>
>
>
> By itself it is totally wrong but it might make sense if we have access to
> the whole document.
>
>
>
> Depending on the EAL level being sought you might not even look at the
> design process or development process at all. Only the higher level would
> require this.
>
>
>
> Can you tell us where the paragraph was extracted from?
>
>
>
> Take care
>
>
>
> Clement
>
>
>
>
> ------------------------------
>
> *From:* Nguyen Pham [mailto:nguyen.petronius@...il.com]
> *Sent:* Saturday, August 26, 2006 6:32 AM
> *To:* pen-test@...urityfocus.com; full-disclosure@...ts.grok.org.uk
> *Subject:* [Full-disclosure] CC evaluation
>
>
>
> Hi all,
>
> Could you please give your comments on the following point:
>
> "CC is an evaluation of design methods, not an evaluation of security
> functionality. It is the system development process that is being evaluated,
> not the system itself. This means that the given EAL only states whether a
> larger enough pile of paperwork over the design process exists or not. The
> correctness and importance of those papers doase not even have to be
> verified and examined".
>
> Thanks for your helps,
> Nguyen Pham.
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists