[Zope-dev] Common-Criteria certification cancelled
Christian Theune
ct at gocept.com
Sat May 10 04:52:45 EDT 2008
On Sat, May 10, 2008 at 10:10:21AM +0200, Lennart Regebro wrote:
> On Thu, May 8, 2008 at 11:55 AM, Christian Theune <ct at gocept.com> wrote:
> > Hi everyone,
> >
> > I have to give an unfortunate update about the Common Criteria (CC) certification.
> >
> > The CC project began in 2003 to certify Zope 3's security architecture under
> > the conditions of the Common Criteria framework.
> >
> > We started out as a community effort which turned out not to be a viable
> > solution due to the lack of interest of volunteers and the complexity of the
> > problem space.
> >
> > gocept restarted the efforts in 2006 and provided a security target document
> > which was given to review and moving pretty good actually. There were very
> > concrete and viable plans for 2008 to finally get the certification wrapped up
> > by end of may.
> >
> > Unfortunately the project had to be cancelled due to the lack of interest of
> > the sponsoring organisation which went through a major merger. Due to that
> > we're stopping all activities on the certification. If interest in this should
> > come back at some point, we'd be happy to be part of a renewed effort.
>
> Too bad. I think those kinds of certifications aren't of much real
> use, but it positions you as a serious enterprise player, so it looks
> good.
I found it very useful to think about security in a structured way. The CC
functional catalog isn't that bad. I think the overall approach of CC is
actually pretty good. However, certifying a framework isn't directly thought
of in CC so we had our problems with terminology clashes etc as CC wants to
certify a specific application instead.
Christian
--
gocept gmbh & co. kg - forsterstrasse 29 - 06112 halle (saale) - germany
www.gocept.com - ct at gocept.com - phone +49 345 122 9889 7 -
fax +49 345 122 9889 1 - zope and plone consulting and development
More information about the Zope-Dev
mailing list