[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?

To: Valdis.Kletnieks@xxxxxx
Subject: Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?
From: Nora Barrera <nora15408@xxxxxxxxx>
Date: Sat, 21 May 2005 06:36:29 -0700 (PDT)

--- Valdis.Kletnieks@xxxxxx wrote:

> Ask the vendor for a copy of the evaluation report. 

But those reports do not contain any valuable
information for me. What kind of tests were done? How?
It looks like security by obscurity.

> Note that the EAL and PP interact - a CAPP
> (Controlled Access) evaluated at EAL4
> may actually provide less *real* protection than an
> LSPP (Labeled System) evaluated
> to EAL3 - the EAL4 just means they've done more work
> to prove the *provided* security works as
advertised.

What's the use of security functions if they can be
circumvented?

Yahoo! Mail
Stay connected, organized, and protected. Take the tour:
http://tour.mail.yahoo.com/mailtour.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?
  - From: HHikita
- Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?
  - From: Valdis . Kletnieks

References:
- Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?
  - From: Valdis . Kletnieks

Prev by Date: Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?
Next by Date: [Full-disclosure] [ GLSA 200505-16 ] ImageMagick, GraphicsMagick: Denial of Service vulnerability
Previous by thread: Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?
Next by thread: Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?
Index(es):
- Date
- Thread