[cap-talk] Capabilities and the NCSC Trusted Computer Security Evaluation Criteria (TCSEC)

Ian G iang at systemics.com
Mon Nov 20 05:41:33 CST 2006

David Hopwood wrote:
> David Wagner wrote:
>> Valerio Bellizzomi <devbox at selnet.org> writes:
>>> So, is it possible that the "marking" could be used as an element of a way
>>> out of TCSEC, and as an argument to "rebirth" the object/capability
>>> approach to computer security?
>> A personal opinion:
>> The TCSEC requirements are most irrelevant to modern computer security in
>> the commercial world.  They're a waste of time.  Every second you spend
>> trying to comply with TCSEC is one second forever lost from your lifespan.
>> They're not worth the brain cells; don't bother.
> I'd go further: if you try to comply with TCSEC, you are imposing artificial
> constraints on your system that may interfere with making it secure by more
> relevant criteria. So it is not just a waste of time, but actively
> counterproductive.

Does anyone benefit financially from TCSEC?


More information about the cap-talk mailing list