Re: Penetration testing via shrinkware

Marcus J. Ranum (mjrnfr.net)
Mon, 21 Sep 1998 20:40:33 -0400

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Sadofsky, Jerry: "re: SUN RPC portmapper"
• Previous message: Ryan Russell: "Re: SOCKS"
• Maybe in reply to: Patrick Hayden: "SOCKS"
• Next in thread: Christopher Nicholls: "Re: Penetration testing via shrinkware"
• Reply: Christopher Nicholls: "Re: Penetration testing via shrinkware"

Christopher Nicholls wrote:
>Have you checked out the Common Criteria model?

Yeah, it's like the orange book written by lawyers.

Clearly what happened is that the orange book specs were too
complex to implement in a timely and cost effective manner.
So the powers that be decided to implement a security
evaluation criteria model that would allow them to redefine
things so that basically anything is OK as long as you
say it's OK. Cover the problem with layers of paper. :(

mjr.

--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr

• Next message: Sadofsky, Jerry: "re: SUN RPC portmapper"
• Previous message: Ryan Russell: "Re: SOCKS"
• Maybe in reply to: Patrick Hayden: "SOCKS"
• Next in thread: Christopher Nicholls: "Re: Penetration testing via shrinkware"
• Reply: Christopher Nicholls: "Re: Penetration testing via shrinkware"

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:47 CDT