Trends in Security Product Evaluations

Q4 Social Sciences

Journal of Information Systems Security Pub Date : 2007-07-01 DOI:10.1080/10658980701576404

Richard E. Smith

引用次数: 5

Abstract

ABSTRACT Government-endorsed security evaluations, like those performed under the Common Criteria (CC), use established techniques of software quality assurance to try to evaluate product security. Despite high costs and disputed benefits, the number of evaluated products has grown dramatically since 2001, doubling between 2003 and 2005 and leaping again in 2006. Using details from more than 860 security evaluations, this paper looks at the types of products evaluated, the “assurance levels” achieved, where the evaluations occur, and ongoing participation by product vendors. These observations are combined with other lessons learned to make recommendations on product evaluation strategies.

查看原文本刊更多论文

安全产品评估的趋势

政府认可的安全评估，就像那些在通用标准(CC)下执行的评估一样，使用已建立的软件质量保证技术来尝试评估产品安全性。尽管成本高，效益也有争议，但自2001年以来，接受评估的产品数量大幅增长，2003年至2005年期间翻了一番，2006年再次大幅增长。本文使用860多个安全评估的细节，研究了评估的产品类型、达到的“保证级别”、评估发生的位置以及产品供应商的持续参与。将这些观察结果与其他经验教训结合起来，就产品评价战略提出建议。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Information Systems Security Social Sciences-Safety Research

CiteScore

0.40

自引率

0.00%

发文量