Mr Ranum writes:
> It's not about features, it's about assurance.
> Commercial computing is about features (represented as functionality)
> Therefore orange book is irrelevant to commercial computing.
Yes in the trully commercial environment it is always about functionallity
until something really goes south (your hard disk gets wiped or someone's
little program sends the boss's little black book to his wife via email). Then
that site looks to see why this happended. Usually its a commercial program
(or OS) that has given someone access to something he should not have. Now
depending one how much the wife got in the settlement case it might have been
cheaper to place a high assurance system guarding such important information.
Tim Williams
williams @
gki .
com
|
|
