Slashdot Mirror

← Back to Stories (view on slashdot.org)

Computer Security Criteria

Posted by michael on from the more-than-just-published-exploits dept.

Rolf Marvin Bøe Lindgren writes: "For most human endeavors that involve some sort of risk, there are powerful, recognized public interest groups or even government-appointed organizations that investigate and analyze dangers, prescribe guidelines, determine criteria for acceptable risk, etc. This does not seem to be the case for software! I work for a ship classification company. The purpose of such companies are, very simply put, to determine how safe seagoing vessels are, for instance in order that insurance companies can decide insurance premiums. There are, needless to say, numerous conventions and special interest groups to determine safety at sea. That is, as far as I know (and I would very much like to be proven wrong), except the computer systems that the ships use. there are restrictions, laws and regulations involved in just about any object that goes into a ship except the computer system. Everybody seems to know, for instance, that UNIX is safer that Windows, but there are no safety, reliability or security criteria established by any recognized authority that can be used to defend one computer system over another."

"Now, I could ask Slashdot how to go about to form a recognized body, but I have access to competence in that particular matter. What I would rather like to know, is this:

  • What might a set of safety criteria be like (I am just now most interested in criteria for computer systems that would address such issues as vulnerability to worms, viruses and crackers)?
  • How should one go about to find competent and interested people who would like to be part of a body like I describe, or consultants to one?

6 of 285 comments (clear)

  1. hm! by prizzznecious · · Score: 3, Funny

    "How do you find people willing to pontificate about what makes one system more secure than another," he naively asked Slashdot. Then came the deluge.

    --

    visit the hwky website for a lyrical genius infusion.
  2. I work for.. by onion2k · · Score: 3, Funny

    I work for a ship classification company.

    Big ship..

    Little ship..

    Big ship..

    Medium size ship..

    --
    http://twitter.com/onion2k
  3. Solution by madmagic · · Score: 2, Funny

    The answer is obvious if you're looking for the best way to secure an onboard system: hide the ship.

    -mm
    obscurity mon ami

  4. Every ship captain's nightmare by ahde · · Score: 4, Funny

    "Captain -- the minesweeper program's crashed again!"

  5. You should be sorry! by fm6 · · Score: 4, Funny

    Don't you understand the importance of gratifying your own ego? Instead, you remind us of a useful link, and go away! How lazy can you get?

  6. ULTIMATE LIFE-SAVER-SOFTWARE by Anonymous Coward · · Score: 1, Funny

    We are at the moment working on the ULTIMATE-LIFE-SAVER-SOFTWARE (TM). Now we're finalizing the alpha readiness tests, and are about to release the Beta-version.

    The system works by estimating the users remaining life-expectancy-rate. And interfere when there's 3ms left, saving the users life.

    This system is to be sold on a license-by-save basis, meaning that each time a save has been made; the user must buy another license at a new price. Different packages can be bought depending on the users need. The Nine-life package is expected to become particularly popular, and will be the "flag-ship" of our company. The price scheme will be customized to fit any profession or region of the world.

    Software/hardware requirements:

    - 500MHz P3 CPU
    - 512 Mb RAM
    - 40 Gb SCSI HD
    - Windows 98
    - RS232 port.

    We will soon offer a half-price two-life license of the beta package, for users that are willing to report bugs, and help out with our beta-tests.

    This is not an open-source-project and the company does not except liability for any direct or indirect damage caused by this software.

    Enjoy!

    hElDlik