Paul Robertson wrote:
>
> CC is a lot like an ISO9001 certification, where the vendor can
> set the standards they'll be measured against and then get measured
> against them.

Now watch me do one of my spin-around-and-stab-myself-in-the-back
acts again :)

Actually, I believe there _is_ some value in EAL 3 and better, given
that, at that level, they start evaluating your ways of doing your
work to a much greater degree. This does ensure _some_ kind of
quality thinking in the vendor's organization (i.e. you're not just
into happy hacking, where everything falls apart if the local guru
leaves the organization and such.)

But then again, if forced to choose between a secure security
product and one from a vendor that pours resources into carefully
documenting every hole/bug/flaw, doing follow-ups, and then not
giving a fsck, _I_ for one know which one I'd pick.
^^^^ (Hah! Got it right this time! &%%#&# content filters)
--
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50 WWW: http://www.clavister.com