Full Disclosure mailing list archives

Re: Can ISO15408 evaluated products be trusted?
From: Nora Barrera <nora15408 () yahoo com>
Date: Sat, 21 May 2005 06:34:30 -0700 (PDT)

--- HHikita <h_hikita () yahoo co jp> wrote:
But you need a common vocabulary to describe
security specifications.

This vocabulary should be understood by more than 100

How else would you expect to achieve common
recognition between all those countries. :-P

Is this even possible, considering the cultural
I was told that "internal risk" is not taken into
account in Japan. No employee would hack his own

the statement are understandable by its target
audience (i.e. evaluators and consumers)."

How can this be evaluated? The evaluation laboratory
says "Not clear, not understandable". And the guy who
wrote the description answers "you are too stupid to
understand it". What happens next?

So everything other than those FDP_, FCS_, FIA_,
FAU_, ALC_... things,
is supposed to be understandable.

You said it!

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/