Full Disclosure mailing list archives

Re: Can ISO15408 evaluated products be trusted?
From: HHikita <h_hikita () yahoo co jp>
Date: Fri, 20 May 2005 20:44:06 +0900

Nora Barrera wrote:

> Who understands this strange CC dialect? For me, a ST
> is black magic, not a security specification.

Functional Requirements and Assurance Requirements might seem
mind-boggling at first.
But you need a common vocabulary to describe security specifications.
How else would you expect to achieve common recognition between all
those countries? :-P

Well, actually, for each section of the PP/ST there is a requirement
that says the section must be coherent. For example, CEM says in
paragraph 300:

"The statement of the TOE description is coherent if the text and
structure of the statement are understandable by its target audience
(i.e. evaluators and

So everything other than those FDP_, FCS_, FIA_, FAU_, ALC_... things
is supposed to be understandable.

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
