Mike Small wrote:
Btw. if having source code adds no value for verification, why do the FIPS CMVP procedures ask for it for the "Design Assurance" part of their review? http://csrc.nist.gov/groups/STM/cmvp/documents/CMVPFAQ.pdf
I'm surprised that nobody has chimed in on this one, yet, since quite a few of you have experienced ISO 9000 certification procedures. It's the same reason: documentation. Part of the validation process is examination of documents related to the product to ensure consistency with the submitted profiles. This includes comments in the source code.
-- Rich P. _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
