Re: Security/compliance

Wed, 1 Jun 1994 20:59:05 +0200

In article <>, (Stephen D Crocker ) writes:

|>Compliance! Now there's a nifty idea. What's the plan for arranging
|>for compliant software?
|>If there's a solution to this problem, then it would also be nice to
|>know which clients are safe and don't have exploitable holes in them.

In general:

Compliance level IV Designed for compliance.
Compliance level III Tested in accordance with approved suite
Compliance level II Synthesized from the specs
Compliance level I Validated as correct using approved technology.

For security compliance there would have to be `whole system' checks.
Validation could only be made for a particular product on a particular

Phillip M. Hallam-Baker

Not Speaking for anyone else.