Full Disclosure mailing list archives
Re: Can ISO15408 evaluated products be trusted?
From: HHikita <h_hikita () yahoo co jp>
Date: Thu, 19 May 2005 14:22:09 +0900
Nora Barrera wrote:
Does anybody understand what is really tested during an evaluation, or is it just bullshit?
For evaluations up to EAL4, the evaluation methods are stated in "Common Evaluation Methodology"(CEM). http://www.commoncriteriaportal.org/public/files/cemv2.2.pdf For evaluations higher than EAL5, the testing method depends on the country you apply for the certification. I would trust the ISO15408 evaluated products to do what it states in its Security Target(ST). To figure out what is written in the ST is another problem. __________________________________ Do You Yahoo!? Upgrade Your Life http://bb.yahoo.co.jp/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Can ISO15408 evaluated products be trusted? Nora Barrera (May 18)
- Re: Can ISO15408 evaluated products be trusted? Valdis . Kletnieks (May 18)
- Re: Can ISO15408 evaluated products be trusted? Nora Barrera (May 21)
- Re: Can ISO15408 evaluated products be trusted? HHikita (May 21)
- Re: Can ISO15408 evaluated products be trusted? Valdis . Kletnieks (May 21)
- Re: Can ISO15408 evaluated products be trusted? Nora Barrera (May 21)
- Re: Can ISO15408 evaluated products be trusted? HHikita (May 18)
- <Possible follow-ups>
- Re: Can ISO15408 evaluated products be trusted? Nora Barrera (May 20)
- Re: Can ISO15408 evaluated products be trusted? HHikita (May 20)
- Re: Can ISO15408 evaluated products be trusted? Nora Barrera (May 21)
- Re: Can ISO15408 evaluated products be trusted? HHikita (May 21)
- Re: Can ISO15408 evaluated products be trusted? Valdis . Kletnieks (May 18)