Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

If the process was not designed to actually detect software bugs or vulnerabilities in an OS, then what does it check?

actually bugs designed detect OS process Software vulnerabilities
0
Posted

If the process was not designed to actually detect software bugs or vulnerabilities in an OS, then what does it check?

0 CommentsAdd a Comment

1 Answer

0

This question emphasizes the current disappointment that DoD officials have with the process. They are paying extra money for evaluated products but not necessarily getting better products because of the evaluation process. The process is designed to ensure that a product behaves as documented but it is NOT a source code scrub for buffer overflows, coding errors or other issues (The fact that MS Windows products are evaluated at EAL4 should make this point painfully obvious!).

0 CommentsAdd a Comment

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.

Experts123