Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Can ISO15408 evaluated products be trusted?
From: HHikita <h_hikita () yahoo co jp>
Date: Thu, 19 May 2005 14:22:09 +0900

Nora Barrera wrote:

Does anybody understand what is really tested during
an evaluation, or is it just bullshit?

For evaluations up to EAL4,  the evaluation methods are stated in
"Common Evaluation Methodology"(CEM).

For  evaluations higher than EAL5,  the testing method depends on the
country  you apply for the certification.

I would trust the  ISO15408 evaluated products to do what it states in
its Security Target(ST).
To figure out what is written in the ST is  another problem.

Do You Yahoo!?
Upgrade Your Life

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]