> The point is that if you have a class B O/S you're more likely to skimp
> on the application level stuff. If you get both, that's great, but you
> usually only get one.
I've seen this happen, too. This is why NCSC formal evaluation is too
often irrelevant. If a trusted system is performing a security
service, then the application software is often configured to
circumvent the standard security measures in some places. This is OK
if it's done right, and a huge problem if it's done wrong.
Security is a property of overall system behavior. It's bad news to
assume a platform can do it all for you, or that an application can do
it all. The best defense needs them to work together.
On the SNS Mail Guard the government evaluated the whole thing
including the networking and application software.
com secure computing corporation