[cap-talk] Capabilities and the NCSC Trusted Computer Security Evaluation Criteria (TCSEC)
Ian G
iang at systemics.com
Mon Nov 20 05:41:33 CST 2006
David Hopwood wrote:
> David Wagner wrote:
>
>> Valerio Bellizzomi <devbox at selnet.org> writes:
>>
>>
>>> So, is it possible that the "marking" could be used as an element of a way
>>> out of TCSEC, and as an argument to "rebirth" the object/capability
>>> approach to computer security?
>>>
>> A personal opinion:
>>
>> The TCSEC requirements are most irrelevant to modern computer security in
>> the commercial world. They're a waste of time. Every second you spend
>> trying to comply with TCSEC is one second forever lost from your lifespan.
>> They're not worth the brain cells; don't bother.
>>
>
> I'd go further: if you try to comply with TCSEC, you are imposing artificial
> constraints on your system that may interfere with making it secure by more
> relevant criteria. So it is not just a waste of time, but actively
> counterproductive.
>
Does anyone benefit financially from TCSEC?
iang