Slashdot Mirror


Computer Security Criteria

Rolf Marvin Bøe Lindgren writes: "For most human endeavors that involve some sort of risk, there are powerful, recognized public interest groups or even government-appointed organizations that investigate and analyze dangers, prescribe guidelines, determine criteria for acceptable risk, etc. This does not seem to be the case for software! I work for a ship classification company. The purpose of such companies is, very simply put, to determine how safe seagoing vessels are, for instance in order that insurance companies can decide insurance premiums. There are, needless to say, numerous conventions and special interest groups to determine safety at sea. That is, as far as I know (and I would very much like to be proven wrong), except the computer systems that the ships use. There are restrictions, laws and regulations involved in just about any object that goes into a ship except the computer system. Everybody seems to know, for instance, that UNIX is safer than Windows, but there are no safety, reliability or security criteria established by any recognized authority that can be used to defend one computer system over another."

"Now, I could ask Slashdot how to go about to form a recognized body, but I have access to competence in that particular matter. What I would rather like to know, is this:

  • What might a set of safety criteria be like (I am just now most interested in criteria for computer systems that would address such issues as vulnerability to worms, viruses and crackers)?
  • How should one go about to find competent and interested people who would like to be part of a body like I describe, or consultants to one?"

3 of 285 comments

  1. Some regulations... by netizencain · · Score: 0, Offtopic

    There are a few regulations currently in place that dictate computer networks onboard commercial vessels. A big one is IEC-945. The IEC-945 testing is a standard for test of equipment intended for installation in the bridge. IEC-945 assists in meeting the requirements of SOLAS (Safety Of Life At Sea) that is also adopted by IMO (International Maritime Organization). ISO (International Organization for Standards) has a technical committee (TC-8) and a subcommittee 10 (SC-10) that deals with computer applications. (never looked this one up before) The guiding principle with the shipping company I work for is that no computer that controls navigation can be on the network. We make sure we have ABS approval before penetrating bulkheads for cable runs and the cable must be of a type that does not produce smoke if burned. Otherwise it's anything goes as far as software: Windows, Novell, etc... We just ensure compatibility with the shore-side and go from there.

  2. Ben Stein: Friend of the Lardass by GafTheHorseInTears · · Score: 0, Offtopic

    So I was watching "Win Ben Stein's Money" just now, and I think I've spotted a pattern:

    The fattest contestant makes it to the final round.

    I'm going to have to watch a few more episodes to confirm my theory, but I think I might be on to something here...

    On a related note, WTF's up with Nancy Pimental's neck, anyways?

    --
    "You're just scared like a little white pussy. I'll fuck you till you love me, you faggot!"

  3. Prescription medication is your friend by GafTheHorseInTears · · Score: 0, Offtopic

    Hey, did you know that one of the side effects of Ambien is hallucination?

    In any case, the visuals are really starting to kick in now, so I'm going to go lay down for a bit.

    Please try to hold the fort while I'm gone. If you need anything, just leave me a message, I'll check it when I get up in 7-8 hours.

    See you then - XOXO

    --
    "You're just scared like a little white pussy. I'll fuck you till you love me, you faggot!"