On Sat, May 10, 2008 at 10:10:21AM +0200, Lennart Regebro wrote:
> On Thu, May 8, 2008 at 11:55 AM, Christian Theune <[EMAIL PROTECTED]> wrote:
> > Hi everyone,
> > I have to give an unfortunate update about the Common Criteria (CC)
> > certification.
> > The CC project began in 2003 to certify Zope 3's security architecture under
> > the conditions of the Common Criteria framework.
> > We started out as a community effort which turned out not to be a viable
> > solution due to the lack of interest of volunteers and the complexity of the
> > problem space.
> > gocept restarted the efforts in 2006 and provided a security target document
> > which was given to review and moving pretty good actually. There were very
> > concrete and viable plans for 2008 to finally get the certification wrapped
> > up
> > by end of may.
> > Unfortunately the project had to be cancelled due to the lack of interest of
> > the sponsoring organisation which went through a major merger. Due to that
> > we're stopping all activities on the certification. If interest in this
> > should
> > come back at some point, we'd be happy to be part of a renewed effort.
> Too bad. I think those kinds of certifications aren't of much real
> use, but it positions you as a serious enterprise player, so it looks
I found it very useful to think about security in a structured way. The CC
functional catalog isn't that bad. I think the overall approach of CC is
actually pretty good. However, certifying a framework isn't directly thought
of in CC so we had our problems with terminology clashes etc as CC wants to
certify a specific application instead.
gocept gmbh & co. kg - forsterstrasse 29 - 06112 halle (saale) - germany
www.gocept.com - [EMAIL PROTECTED] - phone +49 345 122 9889 7 -
fax +49 345 122 9889 1 - zope and plone consulting and development
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -