Jon made some sound points and ended:
> I guess I'm just a high assurance biggot.
Well its politically correct to demure to the most vocal lobby even if
they are wrong.
The fact is that most people are just discovering computer security and
its a strange world with a new language and that nice Mr Gates comes along
and says 'Hey you're right and I just discovered it also - so trust me and
keep buying Microsoft, and p.s we would get round to fixing the bugs in
DOS 2.4 but theres no demand for it'. (that may be a small misquote - I
think Bill said that no significant customers expressed less than total
satisfaction in Microsoft products. Or maybe it was No significant numbers
of users, or something like that - I'm sure someone knows the answer and
will post it)
Then theres folk who have been working on IT security for 20 years and
more and they have a different view of life. Theyve been there before and
theyve seen others get burned - and sometimes got burned themselves.
TCSEC started out as much a procurement methodology as a security
criteria. Most vendors werent really interested and most commercial users
never heard about it.
Today we cant avoid security but most CFOs dont want to pay the bill.
Thats fine and they have no trouble finding a scapegoat in MIS when they
do get burned.
There is an assumption that the military have unique requirements - THEY
DONT REALLY. Their problems are much the same as anyone else. The language
is different, but no more different than petro chemicals as against
commodity brokers. They have purchasing departments that can be a real
pain and they have budget problems too. The $800 hammer has happened but
then commercial corporations make stupid mistakes - they just hide them
better. The main difference is that the military and other parts of
governments have to meet certain security requirements in a formal way and
that sometimes means that the bean counters cant refuse to hand over the
C2 is fine if thats all your risk policy requires. No firewall is fine if
thats in the risk requirements. OTOH if you want to counter external and
internal threats you need something very much better. Buying certified
product may not be as much fun as taking Solaris or something and second
guessing the authors, stripping out bits that dont seem to do much and
hoping you didnt take out anything vital. Then there are some people of
course who have read a book and know they can do better than anyone else.
It takes all sorts to make a world.