So why is this stuff still present in the very latest certification requirements? Because we're measuring what we know how to measure, whether it makes sense to evaluate security in that way or not. This is probably why penetrate-and-patch is still the most widely-used approach to securing systems. Maybe the solution to the problem is to figure out how to make penetrate-and-patch more rigorous and effective...
I would contend that the penetrate-and-patch model exists because the original base was not designed for a 7x24, fully interconnected environment. Some slightly related comments on the subject:
http://www.garlic.com/~lynn/2003n.html#14 Poor People's OS
The air force found none of the problems in the studied infrastructure:
http://www.garlic.com/~lynn/2002l.html#42 Thirty Years Later: Lessons from the Multics Security Evaluation
http://www.garlic.com/~lynn/2002l.html#43 another 30 year thing
http://www.garlic.com/~lynn/2002l.html#44 Thirty Years Later: Lessons from the Multics Security Evaluation
http://www.garlic.com/~lynn/2003i.html#59 grey-haired assembler programmers (Ritchie's C)
http://www.garlic.com/~lynn/2003j.html#4 A Dark Day
The contention is that the system was designed to handle the circumstances. The currently common distributed software was not originally designed to handle this kind of situation .... and it has repeatedly been demonstrated that for assurance to work well .... it has to be designed in from the start .... not added on afterward.
At various times, we had polite competition, since the work referenced in the air force study was done on the 5th floor of 545 tech. sq ... and I was on the 4th floor ... also working on what was considered a secure (but totally different) system.
There were issues about unfair comparison, since at the time of the following .... the total number of systems ever existing for the 5th floor system was something over one hundred. The total number of just internal corporate machines running the 4th floor system was in the thousands, and the number of customer machines was in the low tens of thousands. So we just had light-hearted competition with regard to just the code I wrote .... and the number of (internal) machines that I directly provided systems for (something over a hundred ... comparable to the total number of 5th floor systems).
The following reference is to when the system that the air force data center in the pentagon was running was getting old ... and they were looking at newer hardware, in this case initially twenty newer machines, each with about the same MIP rate as the aging machine running the 5th floor system. As referenced, this then turned into 210 such machines:
http://www.garlic.com/~lynn/2001m.html#15 departmental servers
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]