| | Name : | David Dill | Organization : | N/A | Post Date : | 9/30/2005 |
| Comment : | My final comments are on the certification process. The current process is almost worthless for security. The process itself has to be made much more stringent. In particular, security evaluations should be conducted by experts not chosen by the vendors, and those experts should be allowed to do open-ended research on possible attacks (such groups are sometimes called “Tiger teams”). Indeed, the TGDC passed resolution #17-05 calling for such an approach, which unfortunately does not appear in the guidelines.
[Statements submitted at EAC public hearing, July 28, 2005, Pasadena]