Re: Reasons for Inclusion

From: Casey Schaufler (caseyat_private)
Date: Mon Mar 25 2002 - 16:20:40 PST

  • Next message: Valdis.Kletnieksat_private: "Re: Reasons for Inclusion"

    Russell Coker wrote:
    
    > Do some research about C2, then do some research into what's needed to
    > implement secure systems in the real world.  Talk to someone who has worked
    > as a network administrator at a large ISP or another site involving security
    > and real-world requirements.  Then you will know how little relevance C2 had
    > unless you were trying to sell software to the US military.
    > 
    > Then do some research into the amount of time that it used to require
    > (mandated not through beuracracy) to get a C2 and compare it to the way that
    > Linux software is developed.  It's really not a good match.
    
    As one of the few remaining experts on the implementation,
    evaluation, and productization of Trusted Systems, I can
    authoritatively say that none of these arguments are new,
    and they are no more convincing now than they were when
    they were applied to UNIX in 1987. "Real World" requirements
    haven't changed that much, save perhaps that all the world
    is now your terminal room.
    
    Yes, the evaluation process is a royal pain in the bum,
    but that's mostly because so much software is developed
    without any thought to either "Real World" or "Contrived
    Circumstances" security. No documentation, no thought to
    how it will work with other software, no consideration of
    context. But that hasn't changed from the UNIX world.
    
    So, I personally don't care much for most of what
    passes for "security" today. That's OKay. Security
    is all about how you feel about your system. If rigorous
    inspection of your system's security policy and it's
    implementation doesn't give you warm fuzzies, that's
    not my issue. But for some of us, that's what security
    is all about. 
    
    -- 
    
    Casey Schaufler				Manager, Trust Technology, SGI
    caseyat_private				voice: 650.933.1634
    casey_pat_private			Pager: 888.220.0607
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Mon Mar 25 2002 - 16:22:58 PST