Well, let's state the following: CC is a way to assure that products meet IT security functionalities as defined in this standard. The official standard CC (or ISO IS 15408) is available at the nist home page (http://csrc.nist.gov/cc/), they also provide some useful info. It is an extremely work-intensive effort to get a product evaluated but it helps the developers as well as the users for the developers get enforced to document everything - even their testing. And when I consider how many patches are needed in products then a more diligent approach is urgently needed. And that's for the benefit of the customers. Roland BTW, ISO 9000 is a standard that - if used in its intention - helps streamlining business processes. If you misuse it then it helps documenting bad business processes. It is up to the user what he does with ISO 9000. I am no fan of ISO 9000 but I know that some companies used it well and it helped them.
begin:vcard n:Mueller;Roland tel;fax:(512) 795-0495 tel;work:(512) 795-0494 x-mozilla-html:FALSE org:TUVIT Inc. version:2.1 email;internet:[EMAIL PROTECTED] adr;quoted-printable:;;8716 North MoPac=0D=0ASuite 220;Austin;Texas;78759;U.S.A. x-mozilla-cpt:;-1 fn:Mueller, Roland end:vcard
