On 9/21/07, Tom Tahan <thomas.tahan at sun.com> wrote: > The Sun Microsystems Security Strategic Working Group (SWG) previously > requested review comments from this forum and others on a draft security > questionnaire for products that are to run on Solaris. The questions address > how a product will use the core security capabilities found in Solaris, and > are intended to be used in the ARC review process as a supplement to the "20 > Questions." > > We appreciate your comments and have updated the questionnaire accordingly > (update is attached). If you have any further comments, please provide by COB > Friday, 28-Sep-2007.
One difficulty I see is that not all the materials referenced are openly available. For example, Infodoc 86177, and a number of ARC cases including (not an exhaustive list, just what I spotted on a first pass). PSARC/2000/517 OnePager Thread-safe audit API LSARC/2001/409 FastTrack Java Audit Session for Viper and WBEM PSARC/2003/397 FastTrack Contracted audit interfaces for open source PSARC/1997/332 OnePager Execution Profiles for Restricted Environments PSARC/2002/188 OnePager Least Privilege for Solaris PSARC/2002/547 OnePager Greenline It may be that these cases provide no information beyond what is publically available, of course, but I have no way to evaluate that and would therefore potentially be working in the dark. -- -Peter Tribble http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/
