Re: CC evaluation

["Nguyen Pham" <nguyen.petronius () gmail com>]

Sorry for this missing.

This text found on this report "Evaluation of the Security of Components in
Distributed Information Systems", p20 (http://www2.foi.se/rapp/foir1042.pdf)

Best,
Nguyen Pham.

On 8/26/06, Clement Dupuis <cdupuis () cccure org> wrote:
>  Obviously this is a paragraph extracted out of context from some
> documents.
>
>
>
> By itself it is totally wrong but it might make sense if we have access to
> the whole document.
>
>
>
> Depending on the EAL level being sought you might not even look at the
> design process or development process at all.  Only the higher level would
> require this.
>
>
>
> Can you tell us where the paragraph was extracted from?
>
>
>
> Take care
>
>
>
> Clement
>
>
>
>
>  ------------------------------
>
> *From:* Nguyen Pham [mailto:nguyen.petronius () gmail com]
> *Sent:* Saturday, August 26, 2006 6:32 AM
> *To:* pen-test () securityfocus com; full-disclosure () lists grok org uk
> *Subject:* [Full-disclosure] CC evaluation
>
>
>
> Hi all,
>
> Could you please give your comments on the following point:
>
> "CC is an evaluation of design methods, not an evaluation of security
> functionality. It is the system development process that is being evaluated,
> not the system itself. This means that the given EAL only states whether a
> larger enough pile of paperwork over the design process exists or not. The
> correctness and importance of those papers doase not even have to be
> verified and examined".
>
> Thanks for your helps,
> Nguyen Pham.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/