Slashdot Mirror

← Back to Stories (view on slashdot.org)

Justifying the Common Criteria Security Evaluation

Posted by michael on from the secure-is-as-secure-does dept.

lewko writes "Microsoft has just received a Common Criteria certification for Windows 2000 at Evaluation Assurance Level (EAL) 4. Security experts have been saying for years that the the security of the Windows family of products is hopelessly inadequate. Now there is a rigorous government certification confirming this. What does it all mean? This paper suggests that Microsoft spent millions of dollars producing documentation that shows that Windows 2000 meets an inadequate set of requirements, and that you can have reasonably strong confidence that this is the case. Microsoft bashing aside, the process in evaluating a security product is relevant to anyone considering the deployment of technology into their environment." The EROS operating systems he mentions looks interesting - of course, it also looked interesting three years ago.

2 of 168 comments (clear)

  1. Repost by cscx · · Score: 0, Offtopic

    Original available here, but last time we didn't get the privlege of reading Michael's snippy comments at the end.

  2. Re:The Art of Cunniligus by RealityThreek · · Score: 0, Offtopic

    Umm. I'm pretty sure you are about as off-topic as you can get. Lucky I don't have mod points right now. :P

    --
    :wq