Date: Wed, 15 Mar 2006 12:02:19 +0000 (GMT) From: Robert Watson <rwatson@FreeBSD.org> To: Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= <des@des.no> Cc: Timothy Smith <timothy@open-networks.net>, freebsd-security@freebsd.org, Julian Elischer <julian@elischer.org>, Jason M <talonz@gmail.com> Subject: Re: DSD Approved Products Message-ID: <20060315115842.M5861@fledge.watson.org> In-Reply-To: <86irqhf6om.fsf@xps.des.no> References: <f325996d0603130203h5b14fd0drf4942c487208fe4e@mail.gmail.com> <4415C065.7040206@elischer.org> <4416C64C.7090309@open-networks.net> <86irqhf6om.fsf@xps.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --0-1890501141-1142424139=:5861 Content-Type: TEXT/PLAIN; charset=iso-8859-1; format=flowed Content-Transfer-Encoding: QUOTED-PRINTABLE On Tue, 14 Mar 2006, Dag-Erling Sm=F8rgrav wrote: > Timothy Smith <timothy@open-networks.net> writes: >> it can't be too hard to get on that list. windows 2000 is on there. > > Very funny. > > Getting a Common Criteria certification requires: > > - a big wad of money > - lots and lots of very boring paperwork > - an even bigger wad of money > > Sadly, Microsoft has that, and we don't. Having been involved in the certication process for Mac OS X, I know a litt= le=20 about this process now, and the main thing to understand is that the common= =20 criteria process is about certifying products from vendors. We have a=20 product, but we're not actually a vendor. Vendors are typically the ones t= hat=20 find the rather large sums of cash required to complete the certification= =20 process. That said, we're now at the point where we basically have all the required= =20 functionality for a CAPP evaluation in 7.x-CURRENT, and I'll be merging the= =20 audit support to 6.x in the near future. I had hoped to ship it in 6.1, bu= t=20 things haven't gone quite as quickly as I hoped. I'll MFC the security aud= it=20 support pretty quickly after the 6.1 release now that it has settled out so= me=20 in CVS HEAD. There is some additional functional work that needs to be don= e,=20 but it is generally in progress at this point. Something we can do to make a CAPP evaluation for FreeBSD easier is to star= t=20 providing the security target documentation and assurance documentation.=20 That way if a vendor turns up and is interested in certifying, it will be a= =20 lot easier for them. Robert N M Watson --0-1890501141-1142424139=:5861--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060315115842.M5861>