|
There are a few things you have to be careful
with online information. Some of it is great and some of it is plain junk or
not what I would called researched. It seems the specific portion of this
paper that talks about CC is first a cut an past of online resource and second
written by someone who has done a couple hours of reading on the subject and
not thorough research as it should be. The second issue I see is the references
being used are all dating back to year 2000, six years within the information security
field is like centuries in other fields. Things have changed a whole lot since
the year 2000 bug. Myself I would visit the CC website and
find from the authoritative source on the subject what a real CC evaluation is
all about. Protection profiles are not written on the fly to satisfy vendors
as claimed in this paper. Obviously it was written by someone who was pro TCSEC. Thanks for the link to the document Clement From: Nguyen Pham
[mailto:[EMAIL PROTECTED] Sorry for this missing. On 8/26/06, Clement
Dupuis <[EMAIL PROTECTED]>
wrote: Obviously this is a paragraph extracted out of context from some
documents. By itself it is totally wrong but it might make sense if we have
access to the whole document. Depending on the EAL level being sought you might not even look at
the design process or development process at all. Only the higher level
would require this. Can you tell us where the paragraph was extracted from? Take care Clement From: Nguyen Pham [mailto:[EMAIL PROTECTED]]
Hi all, |
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
