EAL4 is meaningless. The auditor is not required to view the software in any way (binary or source). Any vendor with money can get its OS to be certified at least at EAL 4 because all that means is that the OS has some mechanisms in place for implementing security. It does not guarantee that those mechanisms really work or that the OS is not full of security holes.
Security certifications are futile. At best, they can certify the *model*, not the *implementation*. I seriously doubt .mil or .gov has such requirements for high security networks. I see this kind of nonsense in the Enterprise world.

On Mon, Feb 22, 2010 at 7:03 AM, Lori Barfield <itdirec...@gmail.com> wrote:
> On Sun, Feb 21, 2010 at 8:39 PM, Darrin Chandler
> <dwchand...@stilyagin.com> wrote:
>
>> On Sun, Feb 21, 2010 at 03:35:32PM -0800, Michael Dexter wrote:
>> > Thank you Seth and Brooke for materializing and putting on a great
>> > OpenBSD booth at SCaLE in Los Angeles.
>>
>> Seth and Brooke? I know those two! Good people.
>
> i volunteer for SCaLE and worked with a lot of the exhibitors this year, and
> would like to say you guys did a nice job.
>
> ...lori

--
Aram HDvDrneanu