RE: common criteria draft

From: Brewis, Mark (mark.brewis@eds.com)
Date: Tue Jan 07 2003 - 07:57:59 EST


The Common Methodology for Information Technology Security Evaluation,
Vulnerability Analysis and Penetration Testing document is a draft of Common
Criteria Method for formal Evaluation.

I don't know how many people reading the lists have any involvement in
formal Evaluation, but I doubt it is very many. This isn't really
Penetration Testing as the majority of people on these lists understand it.

Unless someone works for an Evaluation Facility, then they aren't likely to
have come across this or have the background knowledge to put the document
into context.

There is some good stuff in there if you need to develop a formal method for
Penetration Testing, but it isn't an easy read. This entire process is
still under review, and probably won't be finalised until late 2003/early
2004.

EDS CLEF are involved in reviewing this process as an Evaluation Facility
(although I do not have any involvement in that process.), as are the other
Evaluation Facilities.

Hope this helps,

Mark

Mark Brewis

Security Consultant
EDS
EDS CLEF
Information Assurance Group
Wavendon Tower
Milton Keynes
Buckinghamshire
MK17 8LX.

-----Original Message-----
From: Fernando Martins [mailto:fernando.martins@esoterica.pt]
Sent: Monday, January 06, 2003 11:02 PM
To: pen-test@securityfocus.com; isecom-discuss@lists.sourceforge.net
Subject: common criteria draft

I just stumble here ...
http://www.commoncriteria.org/review_docs/index.html#avav068
funny that I never saw postings about this here

FM

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:26 EDT