> True, applications programmers can get lazy, and even the best ones
> may not have security in mind. That makes the secure OS *more*
> valuable not less. Are you trying to imply that they will be lazier
> because they trust a secure OS more?
That's exactly what I'm saying. Its like they're using a PC and you install
a virus checker on the PC lan and all of a sudden all these new applications
show up. You're probably *more* likely to get a virus.
> The lazy ones can't get any worse.
It's not that they're lazy. It's that they're energetic but not interested
in security. They haven't put IRC on their firewall yet because it's
not "safe", but now you've put a B level system under them they will.
> If the weren't thinking about security under C1(no security) they won't
> bother to think less about it under B level security.
D is no security. C1 is discretionary access control. C2 mostly adds
auditing. And, yes, they will think less about security under B level
because they think they're OK. I've seen it happen too many times...
not this specific example, but others that are pretty similar.