[cap-talk] Capabilities and the NCSC Trusted Computer Security Evaluation Criteria (TCSEC)

Ian G iang at systemics.com
Mon Nov 20 05:41:33 CST 2006


David Hopwood wrote:
> David Wagner wrote:
>   
>> Valerio Bellizzomi <devbox at selnet.org> writes:
>>
>>     
>>> So, is it possible that the "marking" could be used as an element of a way
>>> out of TCSEC, and as an argument to "rebirth" the object/capability
>>> approach to computer security?
>>>       
>> A personal opinion:
>>
>> The TCSEC requirements are most irrelevant to modern computer security in
>> the commercial world.  They're a waste of time.  Every second you spend
>> trying to comply with TCSEC is one second forever lost from your lifespan.
>> They're not worth the brain cells; don't bother.
>>     
>
> I'd go further: if you try to comply with TCSEC, you are imposing artificial
> constraints on your system that may interfere with making it secure by more
> relevant criteria. So it is not just a waste of time, but actively
> counterproductive.
>   


Does anyone benefit financially from TCSEC?

iang

