Slashdot Mirror


IEEE to Standardize OS Security Components

aster_ken writes "The Institute of Electrical and Electronic Engineers has started work on a standard for securing operating systems, as a recognition that software security is 'limited by the operating systems that underpin them', the organization said yesterday. The standard, dubbed IEEE P2200, will address external threats and intrinsic flaws arising from software design and engineering practices."

  1. Don't, it's full of junk! (Was Re:MOD PARENT UP!) by grahamkg · · Score: 2, Informative

    Did you Read The Fucking Post? It's littered with trash. Fucking idiot.

    --
    Graham
    Linux - Fast Pane Relief
  2. Re:Coming soon to mainstream america by Agent+Deepshit · · Score: 2, Informative
    Consider recent events.

    I used to work tech support for a large software company that develops OSes (who could that be?) and I learned customers are VERY concerned about security. They often asked questions like 'Should I be installing security updates? / Can someone get into my computer? / etc.' This same company had 1000 tech support calls queued the day MSBlaster hit. If one product is sporting a Certification sticker and another is not, the one sporting the sticker will have a bit more weight with the consumer.

    This is even more true if they are one of the many thousands who had to call tech support to find out what the hell was wrong with their system.

  3. Quit whining - not everything has to be free by sczimme · · Score: 3, Informative


    This is typical of so many kiddies these days: "I want everything for free, even if it's something I will never need/use/understand".

    Many products that are the result of the work of many people - like cars, toasters, and yes, even documents - cost money to produce. Learn to recognize which items are worth the amount on the price tag, and purchase accordingly.

    --
    I want to drag this out as long as possible. Bring me my protractor.
    1. Re:Quit whining - not everything has to be free by qtp · · Score: 5, Informative

      The problem with this particular document being a "pay to play" licensing scheme, is that it will likely be adopted into law in some way, either as a supplier specification or as a compliance requirement for marketing a product or service.

      There are several jurisdictions in the United States where their building codes are released in this way and are protected under copyright requiring a builder or homeowner to pay a large amount to have a copy of the current codes for reference and to pay an additional amount to include excerpts from the code in zoning and building permit applications. The fact that all persons (in that jurisdiction) are subject to compliance with these codes makes the licensing scheme an unfair limitation on builders giving an unfair advantage to larger construction companies and prevents homeowners being able to make even small improvements to their properties if they are on a limited budget.

      I have seen building projects where the cost of preparing the permits was extensively more than the cost of actual construction due to licensing costs for access to the building codes and the necessity of including excerpts from the building code in the application. The one that springs to mind is a $1,500.00 improvement to a fire escape (required by code) that cost in excess of $2,000.00 to prepare the permits. If there had been no licensing fee for code excerpts, and if a reference copy of the code had been possible to obtain for less than $750.00, it would have cost less than $500.00 to prepare the permit, as it would have been possible to prepare the application in house and would not have required a legal review of the application before submittal.

      The only purpose that charging for the use of a specification serves is to limit the playing field in the affected industry to a certain class of individuals who either already have money with which to pay, or have made commitments to persons who might or might not be knowledgeable about the involved technology, but have the economic power and the desire to regulate that industry.

      This kind of non-governmental regulation puts an artificial limitation on the mechanisms of capitalism and prevents the very kind of "free market" (that you seem to be arguing for) from developing and prevents participation from legitimate businesses and other projects that have the necessary skills, knowledge, and abilities, but are lacking in support from the already established players in that market.

      --
      Read, L
    2. Re:Quit whining - not everything has to be free by Anonymous Coward · · Score: 1, Informative
      There are several jurisdictions in the United States where their building codes are ... protected under copyright, requiring a builder or homeowner to pay a large amount to have a copy of the current codes for reference and to pay an additional amount to include excerpts from the code in zoning and building permit applications....

      Actually, since last year's en banc 5th Circuit appellate decision which was recently denied review by the Supreme Court, this is no longer the case.

  4. "BOSS"? by Anonymous Coward · · Score: 1, Informative

    Hey, hey, hey, it's the big Master Control Program everyone's been talkin' about!

    Won't that be grand? Computers and the programs will start thinking and the people will stop.

    When you're on the other side of the screen, it all looks so easy.

    End of line.

  5. My point exactly... by poptones · · Score: 2, Informative
    That thing is over $200. And that's not including the proprietary software to manage and configure that "firewall."

    I can buy a linksys router with basic firewall functionality for $50. I can buy a NIC for $5. That's one helluva jump in price to get less functionality in a low profile case. So what if it says 3com on the box? My whole point is that this stuff doesn't need to be proprietary or expensive - it is only because there's no standard to commoditize the functionality.

  6. Re:No operating system will ever be completely sec by Wesley+Felter · · Score: 2, Informative

    That is a very good point, although my answer is the same: the best design approach is to separate applications into security-critical and non-security-critical parts, and minimize the size of the security-critical code. Luckily some people are already doing this.

  7. Re:Limited release by Valar · · Score: 2, Informative

    Well, if you're a member of IEEE, you can usually get all that stuff for free. I'm a member (because as a student it only costs me like thirty bucks a year). I've pulled a bunch of documents from their archives and I've never paid a thing. Though, they do have an exaggerated opinion of the value of dead trees. Some of the standards do require extra fees, I think, but none of the stuff I've used.

  8. Re:IEEE by Anonymous Coward · · Score: 1, Informative

    It's "Institute of Electrical and Electronics Engineers." They changed it quite a while ago.