mailing list archives
Re: Can ISO15408 evaluated products be trusted?
From: HHikita <h_hikita () yahoo co jp>
Date: Thu, 19 May 2005 14:22:09 +0900
Nora Barrera wrote:
Does anybody understand what is really tested during
an evaluation, or is it just bullshit?
For evaluations up to EAL4, the evaluation methods are stated in
"Common Evaluation Methodology"(CEM).
For evaluations higher than EAL5, the testing method depends on the
country you apply for the certification.
I would trust the ISO15408 evaluated products to do what it states in
its Security Target(ST).
To figure out what is written in the ST is another problem.
Do You Yahoo!?
Upgrade Your Life
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/