Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Full-disclosure] CC evaluation

from [Clement Dupuis] Network Security [Permanent Link]
Subject: RE: [Full-disclosure] CC evaluation
Date: Sat, 26 Aug 2006 07:49:48 -0400 
Obviously this is a paragraph extracted out of context from some documents.

 

By itself it is totally wrong but it might make sense if we have access to
the whole document.

 

Depending on the EAL level being sought you might not even look at the
design process or development process at all.  Only the higher level would
require this.

 

Can you tell us where the paragraph was extracted from?

 

Take care

 

Clement

 

 

  _____  

From: Nguyen Pham [mailto:nguyen.petronius@gmail.com] 
Sent: Saturday, August 26, 2006 6:32 AM
To: pen-test@securityfocus.com; full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] CC evaluation

 

Hi all,

Could you please give your comments on the following point:

"CC is an evaluation of design methods, not an evaluation of security
functionality. It is the system development process that is being evaluated,
not the system itself. This means that the given EAL only states whether a
larger enough pile of paperwork over the design process exists or not. The
correctness and importance of those papers doase not even have to be
verified and examined". 

Thanks for your helps,
Nguyen Pham.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] CC evaluation, Nguyen Pham
Next by Date:  Re: [Full-disclosure] CC evaluation, Nguyen Pham
Previous by Thread:  [Full-disclosure] CC evaluation, Nguyen Pham
Next by Thread:  Re: [Full-disclosure] CC evaluation, Nguyen Pham
Indexes:  [Date] [Thread] [Top] [All Lists]