Penetration Testing mailing list archives
RE: common criteria draft
From: "Aleksander P. Czarnowski" <alekc () avet com pl>
Date: Wed, 8 Jan 2003 14:10:32 +0100
I don't know how many people reading the lists have any involvement in formal Evaluation, but I doubt it is very many. This isn't really Penetration Testing as the majority of people on these lists understand it.
Fully agree. For what most would see as pen-test methodology example I would advise rather to take a look at Open Source Security Testing Methodology Manual at http://www.isecom.org/ insted of CC drafts.
Unless someone works for an Evaluation Facility, then they aren't likely to have come across this or have the background knowledge to put the document into context.
Actually there are few good reasons to at least read it even if you are not Evaluation Facility. Formalization of pen-test process is not an easy task and such documents can positively influence others work in this field. However one should read other documents regarding CC before starting with this draft I guess.
There is some good stuff in there if you need to develop a formal method for Penetration Testing, but it isn't an easy read. This entire process is still under review, and probably won't be finalised until late 2003/early 2004.
This is one of drawbacks that probably keeps people not using it. People are afraid of using and applying drafts in production environment. Just my 2 cents Best Regards, Aleksander Czarnowski AVET INS ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- common criteria draft Fernando Martins (Jan 06)
- <Possible follow-ups>
- RE: common criteria draft Brewis, Mark (Jan 07)
- RE: common criteria draft Aleksander P. Czarnowski (Jan 08)
- New security testing tool kyle (Jan 11)
- RE: common criteria draft Brewis, Mark (Jan 10)