Full Disclosure mailing list archives
[Fwd: Announcement of Common Criteria Discussion List]
From: David Ochel <davidml () atsec com>
Date: Wed, 25 Feb 2004 17:04:14 -0600
Dear list members, please allow me to forward the announcement of our new mailing list to you. Subscriptions are welcome at cc-subscribe () lists atsec com. Regards, David -------- Original Message -------- Subject: Announcement of Common Criteria Discussion List Date: Wed, 25 Feb 2004 15:01:13 -0600 From: Helmut Kurth <helmut () atsec com> Announcement of the Common Criteria Discussion List atsec information security announces the setup of a discussion list for aspects related to the Common Criteria and security evaluations. The purpose of this discussion list is to promote the knowledge about the Common Criteria as the ISO standard for IT security evaluations and the methodology to perform such evaluations. The mailing list can be found at www.cc-portal.org, a web site providing also additional links to other Common Criteria related information. This site can also be reached with the URL www.atsec.com/cc. As with most other complex standards the Common Criteria require a significant amount of explanation and guidance for people that are not experts in this area and just want to learn about the benefit security evaluations can bring them. Although some good guidance documents have been published in the past, those documents can not answer all the questions about security evaluations. The discussion list is intended to address those problems and bridging the gap between evaluators / certifiers, the developers of IT products and the users of those products that need to rely on the security functions provided. This discussion list is not intended to discuss specific interpretations of the Common Criteria and the Common Evaluation Methodology, since this is subject of the Common Criteria Implementation and Management Board (CCIMB). It is also not intended to discuss aspects of the different national evaluation schemes. Instead aspects of the practical use of evaluation results and practical aspects how the criteria and the evaluation methodology could be enhanced in the future and embedded into the management of security within an organization are the main intended topics of this discussion list. atsec information security has seen the need for such a discussion list from various comments and questions received with respect to the different evaluations we have performed. Especially the widely recognized first Common Criteria evaluation of a Linux distribution has resulted in a large number of questions but also in quite some misinterpretations about the scope of this evaluation and type of analysis performed. atsec employees have been actively involved in the development of security evaluation criteria since 1987 and have evaluation experience with products spanning the range from smart cards to mainframe systems. We want to establish this discussion list as a forum mainly for developers and end users to get a better understanding of Common Criteria evaluations and the benefit they can have with Common Criteria certified products. Helmut Kurth Chief Scientist and Head of the Common Criteria Evaluation Facility atsec information security -------- End of Forwarded Message -------- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [Fwd: Announcement of Common Criteria Discussion List] David Ochel (Feb 25)