Cost profile of a highly assured, secure operating system
ACM Transactions on Information and System Security (TISSEC)
Using the Common Criteria for It Security Evaluation
Using the Common Criteria for It Security Evaluation
BLACKER: Security for the DDN, Examples of A1 Security Engineering Trades
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Does the Common Criteria Paradigm Have a Future?
IEEE Security and Privacy
| Hi-index | 0.00 |
Government-endorsed security evaluations, like those performed under the Common Criteria (CC), use established techniques of software quality assurance to try to evaluate product security. Despite high costs and disputed benefits, the number of evaluated products has grown dramatically since 2001, doubling between 2003 and 2005 and leaping again in 2006. Using details from more than 860 security evaluations, this paper looks at the types of products evaluated, the "assurance levels" achieved, where the evaluations occur, and ongoing participation by product vendors. These observations are combined with other lessons learned to make recommendations on product evaluation strategies.