Sometimes, it's backwards (sh.itjust.works)
submitted 2 weeks ago* (last edited 2 weeks ago) by 0x4E4F@sh.itjust.works to c/programmer_humor@programming.dev
[-] Laser@feddit.org 4 points 2 weeks ago* (last edited 2 weeks ago)

I worked in software certification under Common Criteria, and while I do know that it creates a lot of work, there were cases where security has been improved measurably - in the hardware department, it even happened that a developer / manufacturer had a breach that affected almost the whole company really badly (design files etc. stolen by a probably state-sponsored attacker), but not the CC certified part because the attackers used a vector of attack that was caught there and rectified.

It seemingly was not fixed everywhere for whatever reason... but it's not that CC certification is just some academic exercise that gives you nothing but a lot of work.

Is it the right approach for every product? Probably not because of the huge overhead per certified version. But for important pillars of a security model, it makes sense in my opinion.

Though it needs to be said that the scheme under which I certified is very thorough and strict, so YMMV.

this post was submitted on 28 Sep 2024
689 points (96.1% liked)
