Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Can ISO15408 evaluated products be trusted?
From: Nora Barrera <nora15408 () yahoo com>
Date: Sat, 21 May 2005 06:36:29 -0700 (PDT)

--- Valdis.Kletnieks () vt edu wrote:

Ask the vendor for a copy of the evaluation report. 

But those reports do not contain any valuable
information for me. What kind of tests were done? How?
It looks like security by obscurity.

Note that the EAL and PP interact - a CAPP
(Controlled Access) evaluated at EAL4
may actually provide less *real* protection than an
LSPP (Labeled System) evaluated
to EAL3 - the EAL4 just means they've done more work
to prove the *provided* security works as
advertised.

What's the use of security functions if they can be
circumvented?



                
Yahoo! Mail
Stay connected, organized, and protected. Take the tour:
http://tour.mail.yahoo.com/mailtour.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault