Talk:Security-evaluated operating system

This article was nominated for deletion on 9 April 2023. The result of the discussion was no consensus.

This page was proposed for deletion by Chumpih (talk · contribs) on 7 April 2023.

Computer Security: Computing Low‑importance

This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer SecurityWikipedia:WikiProject Computer SecurityTemplate:WikiProject Computer SecurityComputer Security articles

Low

This article has been rated as Low-importance on the project's importance scale.

This article is supported by WikiProject Computing.

Things you can help WikiProject Computer Security with:

Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information...

Answer question about Same-origin_policy
Review importance and quality of existing articles
Identify categories related to Computer Security
Tag related articles
Identify articles for creation (see also: Article requests)
Identify articles for improvement
Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc.
Find editors who have shown interest in this subject and ask them to take a look here.

Software: Computing Low‑importance

	This article is within the scope of WikiProject Software, a collaborative effort to improve the coverage of software on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.SoftwareWikipedia:WikiProject SoftwareTemplate:WikiProject Softwaresoftware articles
Low	This article has been rated as Low-importance on the project's importance scale.
	This article is supported by WikiProject Computing.

IBM AIX 5l V5.3 is also Certified for CAPP/EAL4+

Wouldn't it make sense to suspend this?[edit]

This article is very misleading, and out of date. Wouldn't it make sense to put some warning at the top? It doesn't even include the Snowden revelations - somebody reading this might be misled to believe that microsoft systems, or any other closed-source systems, can be secure. — Preceding unsigned comment added by Fustbariclation (talk • contribs) 16:24, 12 October 2014 (UTC)[reply]

Is this article still up to date?[edit]

No - material is ancient, have a summary of vendors will update this with. CC had changed significant and we need to add FIPS 140-2 as part of OS evaluation story. Full Disclosure - my day job is working with one of these OSes, I will be impartial, but wanted to be clear I can be perceived as having a bias.

As I understand it, different vendors are looking for or have got EAL 4 evaluation.

Just a few references out of many:

(Old comment on Windows certification) http://archives.neohapsis.com/archives/risks/2002/0055.html

(Now Windows and SUSI seems to be certified against the same Common Access Protection Profile) http://whitepapers.zdnet.co.uk/0,1000000651,260280271p,00.htm?r=7

(Also RedHat seems to have a certified version) http://www.webwire.com/ViewPressRel.asp?aId=39796 http://www.informationweek.com/showArticle.jhtml;jsessionid=G11XGSWCNNNUMQSNDLPSKHSCJUNN2JVN?articleID=171202290&queryText=eal4

(Rivals Sun, Red Hat, and Novell busy with securing) http://www.informationweek.com/showArticle.jhtml;jsessionid=G11XGSWCNNNUMQSNDLPSKHSCJUNN2JVN?articleID=180202469&queryText=eal4

(And I don't know where they are today) http://www.linuxdevices.com/news/NS1971174872.html

EnGarde?[edit]

Why is this linked to in the "See also"? As far as I can tell, EnGarde has no security certification, so it seems to have no more relevance to this article than any other OS that has been developed with security in mind. S. Ugarte (talk) 21:34, 15 December 2008 (UTC)[reply]

Looks like that contributor went through and pimped EnGarde in a bunch of articles where it isn't so relevant. I'm going to go through and clean these up, because it looks a lot like commercial promotion to me (EnGarde is not such a big-time Linux distro that it deserves a unique See Also as a "Unix-like OS", for example). S. Ugarte (talk) 21:42, 15 December 2008 (UTC)[reply]

Terminology[edit]

The description for Trusted Solaris 8 includes:

Trusted Solaris Version 8 received the EAL4 certification level augmented by a number of protection profiles

This seems to imply that the evaluation is all about the assurance level, and just for additional swank, you can add "protection profiles" as a kind of set of merit badges.

My interpretation, which could admittedly be way off base, is that this is somewhat backwards: the protection profiles describe what you're evaluating (the security properties such as access control), and the EAL describes how rigorously this evaluation has been conducted. Of further importance is the Target of Evaluation, which describes the scope of the evaluation -- that is, how much of the actual OS was tested. Does this sound right?--NapoliRoma (talk) 15:06, 3 April 2009 (UTC)[reply]