Re: Is this mail list dead?
Rik van Riel wrote:

> Don't forget the Roman rule ... the one who says it cannot
> be done should never interrupt the one doing it.

Well, kind of. Security is a negative proposition: "using this system,
bad things cannot happen." So when one "doing it" proposes a design, a
critic can validly point out failures in the design that can make it
ineffective.

My main concern with C2 for Linux is that it's simultaneously too
restrictive to be useful, and too slack to provide effective security.
Casy's claims notwithstanding, it is my perception that the market has
spoken loud and clear: C2 is *not* wanted by very many customers. There's
a long trail of wreckage of companies who built Orange Book style secure
systems, and then discovered to their regret that there was no market for
such systems.

The one who is "doing it" might be well advised to see whether anyone else
cares :-)

We know how to build systems that are useful, and we know how to build
systems that are secure. The main challenge is to build systems that are
both useful and secure.

Crispin
--
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
-
Securedistros: A common list for all secured Linux distributions
Archive: http://humbolt.nl.linux.org/lists/