On Sat, May 10, 2008 at 10:10:21AM +0200, Lennart Regebro wrote: > On Thu, May 8, 2008 at 11:55 AM, Christian Theune <[EMAIL PROTECTED]> wrote: > > Hi everyone, > > > > I have to give an unfortunate update about the Common Criteria (CC) > > certification. > > > > The CC project began in 2003 to certify Zope 3's security architecture under > > the conditions of the Common Criteria framework. > > > > We started out as a community effort which turned out not to be a viable > > solution due to the lack of interest of volunteers and the complexity of the > > problem space. > > > > gocept restarted the efforts in 2006 and provided a security target document > > which was given to review and moving pretty good actually. There were very > > concrete and viable plans for 2008 to finally get the certification wrapped > > up > > by end of may. > > > > Unfortunately the project had to be cancelled due to the lack of interest of > > the sponsoring organisation which went through a major merger. Due to that > > we're stopping all activities on the certification. If interest in this > > should > > come back at some point, we'd be happy to be part of a renewed effort. > > Too bad. I think those kinds of certifications aren't of much real > use, but it positions you as a serious enterprise player, so it looks > good.
I found it very useful to think about security in a structured way. The CC functional catalog isn't that bad. I think the overall approach of CC is actually pretty good. However, certifying a framework isn't directly thought of in CC so we had our problems with terminology clashes etc as CC wants to certify a specific application instead. Christian -- gocept gmbh & co. kg - forsterstrasse 29 - 06112 halle (saale) - germany www.gocept.com - [EMAIL PROTECTED] - phone +49 345 122 9889 7 - fax +49 345 122 9889 1 - zope and plone consulting and development _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )