Logo des Repositoriums
 

Common Criteria certified open source software – fact or fiction?

dc.contributor.authorGustavsson, Tomas
dc.contributor.editorHühnlein, Detlef
dc.contributor.editorRoßnagel, Heiko
dc.date.accessioned2018-10-10T08:35:32Z
dc.date.available2018-10-10T08:35:32Z
dc.date.issued2013
dc.description.abstractIn 2012 the two open source projects CESeCore and EJBCA were Common Criteria certified [CCP], using open source tools and open source methodologies. As the actual software and its long term evolution is perhaps the most important result for most users, we will look at how certification, distribution and maintenance is managed. Can they be done in an open source way, and is certification always suitable? The Common Criteria for Information Technology Security Evaluation (Common Criteria) is a standard for IT security certification defined by ISO/IEC 15408 [WP]. The Common Criteria provides trust that processes for specification, implementation and evaluation has been performed in a rigorous and standardized way. Recognized world wide and governed by national certification bodies, Common Criteria is used as requirement for procurement and use of security software in governments, banks and enterprises. Common Criteria has been criticized for large costs and potential discrimination against Open Source Software [DW]. Given the rigorous system that Common Criteria enforces, how can open source software be certified, and maintained as certified? Drawbacks and benefits of a Common Criteria certification will be described, and how certification limits the maintenance of an open source project. Common Criteria certified open source software – fact or fiction? After this presentation software developers will be able to determine if their open source project is suitable for Common Criteria certification, whilst software users will have a good idea if they should require certification.en
dc.identifier.isbn978-3-88579-617-6
dc.identifier.pissn1617-5468
dc.identifier.urihttps://dl.gi.de/handle/20.500.12116/17188
dc.language.isoen
dc.publisherGesellschaft für Informatik e.V.
dc.relation.ispartofOpen Identity Summit 2013
dc.relation.ispartofseriesLecture Notes in Informatics (LNI) - Proceedings, Volume P-223
dc.titleCommon Criteria certified open source software – fact or fiction?en
dc.typeText/Conference Paper
gi.citation.endPage155
gi.citation.publisherPlaceBonn
gi.citation.startPage155
gi.conference.date10.-11.09.2013
gi.conference.locationKloster Banz
gi.conference.sessiontitleRegular Research Papers

Dateien

Originalbündel
1 - 1 von 1
Lade...
Vorschaubild
Name:
155.pdf
Größe:
55.93 KB
Format:
Adobe Portable Document Format