Re: The Register: OpenVMS among most-secure of operating systems

From: Bob Koehler (koehler_at_eisner.nospam.encompasserve.org)
Date: 01/27/04 

Date: 27 Jan 2004 08:08:59 -0600

In article <bv5j9c$lhs$1@new-usenet.uk.sun.com>, Andrew Harrison SUNUK Consultancy <Andrew_No.Harrison_No@nospamn.sun.com> writes:
> "EAL4 (see Table 6.5) provides assurance by an analysis of the security
> functions, using a functional and complete interface specification,
> guidance documentation, the high-level and low-level design of the TOE,
> and a subset of the implementation, to understand the security
> behaviour. Assurance is additionally gained through an informal model of
> the TOE security policy.

   Saying so is far from making it so. Witness the Windows EAL
   certification. I don't care which politicians signed it.

Relevant Pages

  • Re: The Register: OpenVMS among most-secure of operating systems
    ... Bob Koehler wrote: ... >>functions, using a functional and complete interface specification, ... >>the TOE security policy. ... anything about EAL) that EAL has a hierachy of assurance. ...
    (comp.os.vms)
  • RE: [Full-Disclosure] Antigen Path Disclosure
    ... security, you're all just playing with "the morning wood" (err.. ... the pool, I don’t care if he went off a bridge, I DON'T FUCKING CARE, ... something i never actually bothered poking at them or something i never ... Charter: http://lists.netsys.com/full-disclosure-charter.html ...
    (Full-Disclosure)
  • [Full-Disclosure] Beyond black, white, and grey: the Yellow Hat Hacker
    ... >>cashing in and making a great show of how much you care about protecting ... >>security is hypocritical, that's all. ... >I have a real fucking problem with idiots who know nothing, ... >This isn't a childish rant. ...
    (Full-Disclosure)
  • Re: Atguard?
    ... And those idiots typically install software without seeing any need for it, without any reasonable evaluation of their problem and without considering alternatives. ... Who said that I don't care for authors? ... As if locally exploitable wasn't worse enough, there are many other remotely exploitable security vulnerabilities including DoS with SYN, UDP and ICMP flooding or bypassing the filtering with overlapping IP fragments. ... Is that political correctness for "horribly broken"? ...
    (comp.security.firewalls)
  • Re: Where is the notificiation about IE zero day vulnerablity?
    ... but over 2 hours ago I did say that a break in FF security would ... The problem I have with that is why would Yahoo, CNN or MSNBC care about ...
    (microsoft.public.security)