8 principles with 2 more from physical security that apply only
imperfectly to computer systems
http://www.cap-lore.com/CapTheory/ProtInf/Basic.html
On Feb 7, 2006, at 9:59 AM, Jeff Williams wrote:
I'm not sure which of the three definitions in Brian's message you're
not
concurring with,
The US Dept of Defense has done some work on the procurement side of
the problem. Here are two papers for those in very large
bureaucracies who might be interested:
Best Software Assurance Practices in Acquisition of Trusted Systems
A simple way to understand why implementing software development
process improvement will not necessarily produce secure software is to
read the Common Criteria.
yes, I know that it's opaque and hard to understand, but once you have
gone through the process of writing a Protection Profile for