"Marcus J. Ranum" <mjr @
iwi .
com> said:
>> Now, to the Orange Book. The poster focused on features, but that is
>> NOT the focus of the OB. The focus of the OB is ASSURANCE
MJR> [...]
>> However, I will be happy to discuss any supposed "irrelevance" of OB
>> or ITSEC requirements to the commercial world.
MJR> There's no need to -- you already explained (more tersely than I
MJR> did) the problem with the orange book earlier on in your comments.
MJR> It's not about features, it's about assurance.
Assurance that the features work.
MJR> Commercial computing is about features (represented as
MJR> functionality) Therefore orange book is irrelevant to commercial
MJR> computing.
#ifdef HOLYWAR
Given the success of Microsoft with Windows, you must be right.
In commercial computing, it doesn't matter if the features work
properly, just that there is an assertion that the features are there,
and will work Real Soon Now.
#endif /* HOLYWAR */
--
#include <disclaimer.h> /* Sten Drescher */
To get my PGP public key, send me email with your public key and
Subject: PGP key exchange
Key fingerprint = 90 5F 1D FD A6 7C 84 5E A9 D3 90 16 B2 44 C4 F3
|
|
