C2 secure systems, ratings, SecureWare

Miles ONeal meo at Dixie.Com
Fri Mar 15 15:43:34 AEST 1991


Sean Eric Fagan responds to John F Haugh II:

|Uhm, SecureWare got at least one of their products rated.  Again, just
|something I seem to recall reading somewhere (probably, again, InfoWorld,
|although it might have been ComputerWorld [magazines people send to me for

The news was in both of those.

|free]).  Wish I could remember.  But I think it was a B-level.  You can't

SecureWare passed formal evaluation recently on a CMW (compartmented mode
workstation). The CMW rating crosses several Orange Book lines - parts
are at B1, parts at B2, etc. It is another beastie altogether.

|blame SW or SCO for not getting the C2 product evaluated:  the gov't isn't

SecureWare did the work for SCO. In fact, much of SecureWare's work
is for other vendors - Apple, DEC, SCO, etc. In some of these cases,
SecureWare did the work under contract, which means the final product
belongs to the vendor. The contracts typically do not include the
costs (money or time) of getting a system evaluated. That is the
responsibility of the vendor; if they wish SecureWare to produce
an evaluated product, they'll ask for that. In other cases, SecureWare
licensed technology to the vendor. The vendor knows whether that
technology is evaluated or not, and again, it is up to them to
market it appropriately.

As to what SCO intends with their C2 version, I haven't the faintest
idea. I haven't been involved in that work.

If SecureWare were to sell products, you can be sure the products would
be explicitly labelled as to whether they were simply compliant, or were
evaluated.

|going to rate C level products anymore, I've been told, because it's not
|worth the effort!

I don't know about this, one way or the other.

-Miles


