Re: Security/compliance

HALLAM-BAKER Phillip ([email protected])
Wed, 1 Jun 1994 20:59:05 +0200


In article <[email protected]>, [email protected] (Stephen D Crocker) writes:

|>Compliance! Now there's a nifty idea. What's the plan for arranging
|>for compliant software?
|>
|>If there's a solution to this problem, then it would also be nice to
|>know which clients are safe and don't have exploitable holes in them.

In general:

Compliance level IV   Designed for compliance.
Compliance level III  Tested in accordance with approved suite
Compliance level II   Synthesized from the specs
Compliance level I    Validated as correct using approved technology.

For security compliance there would have to be `whole system' checks.
Validation could only be made for a particular product on a particular
TCB.

--
Phillip M. Hallam-Baker

Not Speaking for anyone else.