Well, Since ICSA became a commercial organization (they make money and must have some kind of profit) I would double check validity of their tests. Although I think that their tests are still the most competent out there, I simply don't trust them any more... I guess I have a trust problem:-)) Maybe that is why I also don't use Verisign certs...:-)) Pez --- Rick Smith <rick_smithat_private> wrote: > At 08:30 AM 02/03/2000 -0500, Marcus J. Ranum wrote: > > >I'm sure that many on this list will be shocked to > hear me say > >this, but the ICSA firewall product certification > is orders of > >magnitude more valuable to real customers than > ITSEC evaluation. > > The Common Criteria is supposed to fix this problem > by defining "Protection > Profiles" that establish functional requirements for > particular types of > products. There are two firewall profiles already, > with more on the way. > The first two aren't much use to most firewall > customers because the > requirements are 'way too abstract. You could build > all sorts of arcane > devices that meet the criteria while remaining > steadfastly useless for most > security purposes. At least a hub is useful for > something. > > Rick. > > __________________________________________________ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:00:49 PDT