Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?
From: HHikita (h_hikitayahoo.co.jp)
Date: Fri May 20 2005 - 06:44:06 CDT
Nora Barrera wrote:
>Who understands this strange CC dialect? For me, a ST
>is black magic, not a security specification.
Functional Requirements and Assurance Requirements might seem mind
boggling at first.
But you need a common vocabulary to describe security specifications.
How else would you expect to archive common recognition between all
those countries. :-P
Well actually, for each section of the PP/ST there is a requirement
the section must be coherent. For example CEM says in paragraph 300
"The statement of the TOE description is coherent if the text and
the statement are understandable by its target audience (i.e. evaluators and
So everything other than those FDP_,FCS_, FIA_, FAU_, ALC_... things,
is supposed to be understandable.
Do You Yahoo!?
Upgrade Your Life
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/