Understanding the Windows EAL4 rating

Posted Dec 12, 2002 22:25 UTC (Thu) by construx (guest, #7694)
Parent article: Understanding the Windows EAL4 rating

Some interesting commentary on Shapiro's article in the latest RISKS:

http://catless.ncl.ac.uk/Risks/22.42.html#subj10

I'm not sure I completely agree with either viewpoint, but the RISKS post sheds some light on the Common Criteria evaluation process.

In the end, I think the security of an operating system is and should be judged more on its performance in the real world than in any static evaluation process. Already this month we've had two "critical" and one "important" security bulletins from Microsoft, and it's only the 12th.