{"title":"安全产品评估的趋势","authors":"Richard E. Smith","doi":"10.1080/10658980701576404","DOIUrl":null,"url":null,"abstract":"ABSTRACT Government-endorsed security evaluations, like those performed under the Common Criteria (CC), use established techniques of software quality assurance to try to evaluate product security. Despite high costs and disputed benefits, the number of evaluated products has grown dramatically since 2001, doubling between 2003 and 2005 and leaping again in 2006. Using details from more than 860 security evaluations, this paper looks at the types of products evaluated, the “assurance levels” achieved, where the evaluations occur, and ongoing participation by product vendors. These observations are combined with other lessons learned to make recommendations on product evaluation strategies.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2007-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Trends in Security Product Evaluations\",\"authors\":\"Richard E. Smith\",\"doi\":\"10.1080/10658980701576404\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"ABSTRACT Government-endorsed security evaluations, like those performed under the Common Criteria (CC), use established techniques of software quality assurance to try to evaluate product security. Despite high costs and disputed benefits, the number of evaluated products has grown dramatically since 2001, doubling between 2003 and 2005 and leaping again in 2006. Using details from more than 860 security evaluations, this paper looks at the types of products evaluated, the “assurance levels” achieved, where the evaluations occur, and ongoing participation by product vendors. These observations are combined with other lessons learned to make recommendations on product evaluation strategies.\",\"PeriodicalId\":36738,\"journal\":{\"name\":\"Journal of Information Systems Security\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Information Systems Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1080/10658980701576404\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"Social Sciences\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Systems Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1080/10658980701576404","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"Social Sciences","Score":null,"Total":0}
ABSTRACT Government-endorsed security evaluations, like those performed under the Common Criteria (CC), use established techniques of software quality assurance to try to evaluate product security. Despite high costs and disputed benefits, the number of evaluated products has grown dramatically since 2001, doubling between 2003 and 2005 and leaping again in 2006. Using details from more than 860 security evaluations, this paper looks at the types of products evaluated, the “assurance levels” achieved, where the evaluations occur, and ongoing participation by product vendors. These observations are combined with other lessons learned to make recommendations on product evaluation strategies.