Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?

From: HHikita (h_hikita_at_yahoo.co.jp)
Date: 05/21/05

    Date: Sun, 22 May 2005 01:13:42 +0900
    To: Nora Barrera <nora15408@yahoo.com>
    
    

    Nora Barrera wrote:

    >I was told that "internal risk" is not taken into
    >account in Japan. No employee would hack his own
    >company.
    >
    >
    The traditional employment system in Japan was "Shuushin Koyou".
    You were basically assured your job until retirement.
    So before there was any information technology, 30 years of your
    annual income was enough to mitigate most threats.

    There are still companies which do not take "internal risk" into
    account, and you are able to read about their consequences
    in the newspapers daily.

    >How can this be evaluated? The evaluation laboratory
    >says "Not clear, not understandable". And the guy who
    >wrote the description answers "you are too stupid to
    >understand it". What happens next?
    >
    >

    The evaluator would at least have to specify where and/or what in the
    Security Target that he finds to be "Not clear, not understandable".
    And the developer is given a chance to take action against these claims.

    If the issue is not resolved at the end of the evaluation, then the
    verdict would be "fail" or "inconclusive".

    >_Supposed_
    >You said it!
    >
    You would have to do some homework on the kind of product the PP or ST
    is about.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

