Talk:Security-evaluated operating system
This article was nominated for deletion on 9 April 2023. The result of the discussion was no consensus. |
This page was proposed for deletion by Chumpih (talk · contribs) on 7 April 2023. |
This article is rated C-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||||||||||||||||||||
|
IBM AIX 5l V5.3 is also Certified for CAPP/EAL4+
Wouldn't it make sense to suspend this?
[edit]This article is very misleading, and out of date. Wouldn't it make sense to put some warning at the top? It doesn't even include the Snowden revelations - somebody reading this might be misled to believe that microsoft systems, or any other closed-source systems, can be secure. — Preceding unsigned comment added by Fustbariclation (talk • contribs) 16:24, 12 October 2014 (UTC)
Is this article still up to date?
[edit]No - material is ancient, have a summary of vendors will update this with. CC had changed significant and we need to add FIPS 140-2 as part of OS evaluation story. Full Disclosure - my day job is working with one of these OSes, I will be impartial, but wanted to be clear I can be perceived as having a bias.
As I understand it, different vendors are looking for or have got EAL 4 evaluation.
Just a few references out of many:
(Old comment on Windows certification) http://archives.neohapsis.com/archives/risks/2002/0055.html
(Now Windows and SUSI seems to be certified against the same Common Access Protection Profile) http://whitepapers.zdnet.co.uk/0,1000000651,260280271p,00.htm?r=7
(Also RedHat seems to have a certified version) http://www.webwire.com/ViewPressRel.asp?aId=39796 http://www.informationweek.com/showArticle.jhtml;jsessionid=G11XGSWCNNNUMQSNDLPSKHSCJUNN2JVN?articleID=171202290&queryText=eal4
(Rivals Sun, Red Hat, and Novell busy with securing) http://www.informationweek.com/showArticle.jhtml;jsessionid=G11XGSWCNNNUMQSNDLPSKHSCJUNN2JVN?articleID=180202469&queryText=eal4
(And I don't know where they are today) http://www.linuxdevices.com/news/NS1971174872.html
EnGarde?
[edit]Why is this linked to in the "See also"? As far as I can tell, EnGarde has no security certification, so it seems to have no more relevance to this article than any other OS that has been developed with security in mind. S. Ugarte (talk) 21:34, 15 December 2008 (UTC)
- Looks like that contributor went through and pimped EnGarde in a bunch of articles where it isn't so relevant. I'm going to go through and clean these up, because it looks a lot like commercial promotion to me (EnGarde is not such a big-time Linux distro that it deserves a unique See Also as a "Unix-like OS", for example). S. Ugarte (talk) 21:42, 15 December 2008 (UTC)
Terminology
[edit]The description for Trusted Solaris 8 includes:
Trusted Solaris Version 8 received the EAL4 certification level augmented by a number of protection profiles
This seems to imply that the evaluation is all about the assurance level, and just for additional swank, you can add "protection profiles" as a kind of set of merit badges.
My interpretation, which could admittedly be way off base, is that this is somewhat backwards: the protection profiles describe what you're evaluating (the security properties such as access control), and the EAL describes how rigorously this evaluation has been conducted. Of further importance is the Target of Evaluation, which describes the scope of the evaluation -- that is, how much of the actual OS was tested. Does this sound right?--NapoliRoma (talk) 15:06, 3 April 2009 (UTC)
- C-Class Computer Security articles
- Low-importance Computer Security articles
- C-Class Computer Security articles of Low-importance
- C-Class Computing articles
- Low-importance Computing articles
- All Computing articles
- All Computer Security articles
- C-Class software articles
- Low-importance software articles
- C-Class software articles of Low-importance
- Unknown-importance Computing articles
- All Software articles