Mailing List Archive: Zope: Dev

Common-Criteria certification cancelled

Index | Next | Previous | View Threaded

ct at gocept

May 8, 2008, 2:55 AM

Post #1 of 3 (174 views)
Permalink

Common-Criteria certification cancelled

Hi everyone,

I have to give an unfortunate update about the Common Criteria (CC) certification.

The CC project began in 2003 to certify Zope 3's security architecture under
the conditions of the Common Criteria framework.

We started out as a community effort which turned out not to be a viable
solution due to the lack of interest of volunteers and the complexity of the
problem space.

gocept restarted the efforts in 2006 and provided a security target document
which was given to review and moving pretty good actually. There were very
concrete and viable plans for 2008 to finally get the certification wrapped up
by end of may.

Unfortunately the project had to be cancelled due to the lack of interest of
the sponsoring organisation which went through a major merger. Due to that
we're stopping all activities on the certification. If interest in this should
come back at some point, we'd be happy to be part of a renewed effort.

Christian

--
gocept gmbh & co. kg - forsterstrasse 29 - 06112 halle (saale) - germany
www.gocept.com - ct[at]gocept.com - phone +49 345 122 9889 7 -
fax +49 345 122 9889 1 - zope and plone consulting and development
_______________________________________________
Zope-Dev maillist - Zope-Dev[at]zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

regebro at gmail

May 10, 2008, 1:10 AM

Post #2 of 3 (151 views)
Permalink

Re: Common-Criteria certification cancelled [In reply to]

On Thu, May 8, 2008 at 11:55 AM, Christian Theune <ct[at]gocept.com> wrote:
> Hi everyone,
>
> I have to give an unfortunate update about the Common Criteria (CC) certification.
>
> The CC project began in 2003 to certify Zope 3's security architecture under
> the conditions of the Common Criteria framework.
>
> We started out as a community effort which turned out not to be a viable
> solution due to the lack of interest of volunteers and the complexity of the
> problem space.
>
> gocept restarted the efforts in 2006 and provided a security target document
> which was given to review and moving pretty good actually. There were very
> concrete and viable plans for 2008 to finally get the certification wrapped up
> by end of may.
>
> Unfortunately the project had to be cancelled due to the lack of interest of
> the sponsoring organisation which went through a major merger. Due to that
> we're stopping all activities on the certification. If interest in this should
> come back at some point, we'd be happy to be part of a renewed effort.

Too bad. I think those kinds of certifications aren't of much real
use, but it positions you as a serious enterprise player, so it looks
good.

--
Lennart Regebro: Zope and Plone consulting.
http://www.colliberty.com/
+33 661 58 14 64
_______________________________________________
Zope-Dev maillist - Zope-Dev[at]zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

ct at gocept

May 10, 2008, 1:52 AM

Post #3 of 3 (150 views)
Permalink

Re: Common-Criteria certification cancelled [In reply to]

On Sat, May 10, 2008 at 10:10:21AM +0200, Lennart Regebro wrote:
> On Thu, May 8, 2008 at 11:55 AM, Christian Theune <ct[at]gocept.com> wrote:
> > Hi everyone,
> >
> > I have to give an unfortunate update about the Common Criteria (CC) certification.
> >
> > The CC project began in 2003 to certify Zope 3's security architecture under
> > the conditions of the Common Criteria framework.
> >
> > We started out as a community effort which turned out not to be a viable
> > solution due to the lack of interest of volunteers and the complexity of the
> > problem space.
> >
> > gocept restarted the efforts in 2006 and provided a security target document
> > which was given to review and moving pretty good actually. There were very
> > concrete and viable plans for 2008 to finally get the certification wrapped up
> > by end of may.
> >
> > Unfortunately the project had to be cancelled due to the lack of interest of
> > the sponsoring organisation which went through a major merger. Due to that
> > we're stopping all activities on the certification. If interest in this should
> > come back at some point, we'd be happy to be part of a renewed effort.
>
> Too bad. I think those kinds of certifications aren't of much real
> use, but it positions you as a serious enterprise player, so it looks
> good.

I found it very useful to think about security in a structured way. The CC
functional catalog isn't that bad. I think the overall approach of CC is
actually pretty good. However, certifying a framework isn't directly thought
of in CC so we had our problems with terminology clashes etc as CC wants to
certify a specific application instead.

Christian

--
gocept gmbh & co. kg - forsterstrasse 29 - 06112 halle (saale) - germany
www.gocept.com - ct[at]gocept.com - phone +49 345 122 9889 7 -
fax +49 345 122 9889 1 - zope and plone consulting and development
_______________________________________________
Zope-Dev maillist - Zope-Dev[at]zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com