[cap-talk] Capabilities and the NCSC Trusted Computer Security Evaluation Criteria (TCSEC)

David Wagner daw at cs.berkeley.edu
Sat Nov 4 17:20:15 CST 2006


Valerio Bellizzomi <devbox at selnet.org> writes:
>So, is it possible that the "marking" could be used as an element of a way
>out of TCSEC, and as an argument to "rebirth" the object/capability
>approach to computer security?

A personal opinion:

The TCSEC requirements are most irrelevant to modern computer security in
the commercial world.  They're a waste of time.  Every second you spend
trying to comply with TCSEC is one second forever lost from your lifespan.
They're not worth the brain cells; don't bother.


More information about the cap-talk mailing list