[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

No Subject




At 09:35 PM 11/14/98 -0500, John Young <[email protected]> wrote:
>
>An NSA team presented at NISSC98 in October
>"The Inevitability of Failure: The Flawed Assumption 
>of Security in Modern Computing Environments:"

...

>Not that NSA would ever exploit OS weaknesses not warned 
>about.
>

	Part of the context for this:  NSA is trying to encourage their new
testing program for security products.  My feeling is that program, in
turn, is intended to preserve the spaces for all the employees
involved in the failed TCSEC/Rainbow testing program.  I say "failed"
because it hasn't caught on in the private sector, it's expensive and,
of course, the laughable "C2 in '92."  
	If you can't trust your OS, Dum-dum-Dah! NSA to the rescue with
testing!
	The new Common Criteria is to replace TCSEC/Rainbow next year, but if
it walks like a duck....