In message <199512011749.LAA18890@shade.sctc.com> Rick Smith writes:
> Both LOCK and SNS have formal security policy models, top level
> specifications, formal proofs, covert channel analyses, the whole A1
> nine yards. The only difference is that we've reorganized the
> development process to try to build high assurance products in real
> time. In other words, build something that doesn't combine high
> assurance with obsolescence.
Which means I, as a potential customer, am still stuck with the problem of
having to trust the car salesman's word that the car will run. Of course, I may
also question the competence of NCSC's evaluators, but at least they have no
vested interest in a product passing or failing evaluation (well, except in one
case that shall remain nameless where they have invested something like $20M in
the product's development; it's probably a good thing that that product isn't
going to go through a TCSEC evaluation, given the result would be highly suspect
given NSA's interest in seeing it pass).
Karen Goertzel
Manager, International Programmes and Special Projects
Secure Systems and Services Operation
Wang Federal, Inc.
7900 Westpark Drive - MS 700
McLean, Virginia 22102-4299
TEL: 703-827 3914
FAX: 703-827 3161
Internet: goertzek@wangfed.com
+-----------------------------------------+
| Human history becomes more and more a |
| race between education and catastrophe. |
| - H.G. Wells |
+-----------------------------------------+