Full Disclosure mailing list archives
RE: CC evaluation
From: "Clement Dupuis" <cdupuis () cccure org>
Date: Sat, 26 Aug 2006 07:49:48 -0400
Obviously this is a paragraph extracted out of context from some documents. By itself it is totally wrong but it might make sense if we have access to the whole document. Depending on the EAL level being sought you might not even look at the design process or development process at all. Only the higher level would require this. Can you tell us where the paragraph was extracted from? Take care Clement _____ From: Nguyen Pham [mailto:nguyen.petronius () gmail com] Sent: Saturday, August 26, 2006 6:32 AM To: pen-test () securityfocus com; full-disclosure () lists grok org uk Subject: [Full-disclosure] CC evaluation Hi all, Could you please give your comments on the following point: "CC is an evaluation of design methods, not an evaluation of security functionality. It is the system development process that is being evaluated, not the system itself. This means that the given EAL only states whether a larger enough pile of paperwork over the design process exists or not. The correctness and importance of those papers doase not even have to be verified and examined". Thanks for your helps, Nguyen Pham.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- CC evaluation Nguyen Pham (Aug 26)
- RE: CC evaluation Clement Dupuis (Aug 26)
- Re: CC evaluation Nguyen Pham (Aug 26)
- RE: CC evaluation Clement Dupuis (Aug 26)
- Re: CC evaluation Nguyen Pham (Aug 26)
- RE: CC evaluation Clement Dupuis (Aug 26)