Hosting Provided By

RE: common criteria draft

From: Aleksander P. Czarnowski <alekc(at)avet.com.pl>
Date: Wed Jan 08 2003 - 08:10:32 EST

> I don't know how many people reading the lists have any
Fully agree. For what most would see as pen-test methodology example I would advise rather to take a look at Open Source Security Testing Methodology Manual at http://www.isecom.org/ insted of CC drafts.
> Unless someone works for an Evaluation Facility, then they
Actually there are few good reasons to at least read it even if you are not Evaluation Facility. Formalization of pen-test process is not an easy task and such documents can positively influence others work in this field. However one should read other documents regarding CC before starting with this draft I guess.
> There is some good stuff in there if you need to develop a
This is one of drawbacks that probably keeps people not using it. People are afraid of using and applying drafts in production environment. Just my 2 cents
Best Regards,
Aleksander Czarnowski
AVET INS

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ Received on Wed Jan 8 17:32:19 2003

This message: [ Message body ]
Next message: Jeremy Bartels: "remote privilege escalation"
Previous message: Chris McNab: "Checkpoint FW-1 on Nokia - potential user enumeration bug?"
Maybe in reply to: Fernando Martins: "common criteria draft"
In reply to Brewis, Mark: "RE: common criteria draft"
Next in thread: kyle(at)kylelai.com: "New security testing tool"
Reply: kyle(at)kylelai.com: "New security testing tool"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:31 EDT