Re: Penetration testing via shrinkware

John Grillo (John.Grilloraba.com)
Tue, 22 Sep 1998 09:09:04 -0400

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Ivan Arce,CORE SDI: "Re: Penetration testing via shrinkware"
• Previous message: Darren Reed: "Re: Penetration testing via shrinkware"
• In reply to: Paul D. Robertson: "Re: Penetration testing via shrinkware"
• Next in thread: Bill_Roydspch.gc.ca: "Re: Penetration testing via shrinkware"

I strongly agree. I spent five years on the project that killed the orange
book, Trusted mach. It was a
dream come true when the orange book died. Our company spent 10 years
developing the OS
and when it came time to evaluate it, we didn't have enough paperwork to
justify it. Instead of learning
their lesson, the government comes out with the new criteria.

----------
> From: Marcus J. Ranum <mjrnfr.net>
> To: firewall-wizardsnfr.net
> Subject: Re: Penetration testing via shrinkware
> Date: Monday, September 21, 1998 8:40 PM
>
> Christopher Nicholls wrote:
> >Have you checked out the Common Criteria model?
>
> Yeah, it's like the orange book written by lawyers.
>
> Clearly what happened is that the orange book specs were too
> complex to implement in a timely and cost effective manner.
> So the powers that be decided to implement a security
> evaluation criteria model that would allow them to redefine
> things so that basically anything is OK as long as you
> say it's OK. Cover the problem with layers of paper. :(
>
> mjr.
> --
> Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
> work - http://www.nfr.net
> home - http://www.clark.net/pub/mjr

• Next message: Ivan Arce,CORE SDI: "Re: Penetration testing via shrinkware"
• Previous message: Darren Reed: "Re: Penetration testing via shrinkware"
• In reply to: Paul D. Robertson: "Re: Penetration testing via shrinkware"
• Next in thread: Bill_Roydspch.gc.ca: "Re: Penetration testing via shrinkware"

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:47 CDT