On Mon, Feb 22, 2010 at 04:04:39PM +0200, Aram H??v??rneanu wrote:
Besides what's written above. EAL is meaningless unless you read the
Protection Profile. EAL is the assurance level *against* the
protection profile. If your PP specifies only that in your systems,
users login using passwords
On Mon, Feb 22, 2010 at 03:51:28PM +0200, Aram H??v??rneanu wrote:
EAL4 is meaningless. The auditor is not required to view the software
in any way (binary or source).
Wrong. EAL4 is the lowest EAL that includes ADV_IMP.1, which in turn
requires checking the actual implementation, i.e. source
On 2/22/2010 9:23 AM, Bret S. Lambert wrote:
Unless some benefactor is willing to come forward and deal with the
logistical headache of doing the paperwork and keeping it all as
up to date as it needs to be, it's not going to happen, even if
getting an EAL meant ponies, rainbows, and money trees
EAL4 is meaningless. The auditor is not required to view the software
in any way (binary or source). Any vendor with money can get its OS to
be certified at least at EAL 4 because all that means is that the OS
has some mechanisms in place for implementing security. It does not
guarantee that those
On Mon, Feb 22, 2010 at 3:51 PM, Aram HDvDrneanu ara...@mgk.ro wrote:
EAL4 is meaningless. The auditor is not required to view the software
in any way (binary or source). Any vendor with money can get its OS to
be certified at least at EAL 4 because all that means is that the OS
has some
On Mon, Feb 22, 2010 at 04:04:39PM +0200, Aram H??v??rneanu wrote:
On Mon, Feb 22, 2010 at 3:51 PM, Aram HDvDrneanu ara...@mgk.ro wrote:
EAL4 is meaningless. The auditor is not required to view the software
in any way (binary or source). Any vendor with money can get its OS to
be
On Mon, 22 Feb 2010, Aram HD~CvD~Crneanu wrote:
SNIP
*model*, not the *implementation*. I seriously doubt .mil or .gov has
such requirements for high security networks. I see this kind of
nonsense in the Enterprise world.
Chuckle, you are living in a fantasy world if you think this kind of
On Monday, February 22, 2010, Bret S. Lambert bret.lamb...@gmail.com wrote:
Unless some benefactor is willing to come forward and deal with the
logistical headache of doing the paperwork and keeping it all as
up to date as it needs to be, it's not going to happen, even if
getting an EAL meant
On 2/22/2010 9:23 AM, Bret S. Lambert wrote:
Unless some benefactor is willing to come forward and deal with the
logistical headache of doing the paperwork and keeping it all as
up to date as it needs to be, it's not going to happen, even if
getting an EAL meant ponies, rainbows, and money trees
Steve Shockley wrote:
On 2/22/2010 9:23 AM, Bret S. Lambert wrote:
Unless some benefactor is willing to come forward and deal with the
logistical headache of doing the paperwork and keeping it all as
up to date as it needs to be, it's not going to happen, even if
getting an EAL meant ponies,
Thank you Seth and Brooke for materializing and putting on a great
OpenBSD booth at SCaLE in Los Angeles.
Overheard question of the day: Could you please get EAL level 4
certification so I can use you in the US Air Force? (Milaero country...)
Michael
On Sun, 21 Feb 2010 15:35 -0800, Michael Dexter dex...@bsdfund.org
wrote:
Thank you Seth and Brooke for materializing and putting on a great
OpenBSD booth at SCaLE in Los Angeles.
Overheard question of the day: Could you please get EAL level 4
certification so I can use you in the US Air
On Sun, 21 Feb 2010, Michael Dexter wrote:
Thank you Seth and Brooke for materializing and putting on a great
OpenBSD booth at SCaLE in Los Angeles.
Overheard question of the day: Could you please get EAL level 4
certification so I can use you in the US Air Force? (Milaero country...)
Michael
In my own opinion EAL level 4 cert has some serious issues. A lot of
what you get is Process and Procedure done by some large corporate
entity. What you find is code revs rarely go through certification.
For example Cisco ASA / Pix have to run pretty old code to get EAL 4
cert.
my US$.02
On Sun, Feb 21, 2010 at 03:35:32PM -0800, Michael Dexter wrote:
Thank you Seth and Brooke for materializing and putting on a great
OpenBSD booth at SCaLE in Los Angeles.
Seth and Brooke? I know those two! Good people.
--
Darrin Chandler| Phoenix BSD User Group | MetaBUG
On Sun, Feb 21, 2010 at 8:39 PM, Darrin Chandler
dwchand...@stilyagin.comwrote:
On Sun, Feb 21, 2010 at 03:35:32PM -0800, Michael Dexter wrote:
Thank you Seth and Brooke for materializing and putting on a great
OpenBSD booth at SCaLE in Los Angeles.
Seth and Brooke? I know those two! Good
16 matches
Mail list logo