Tuesday, May 17, 2011

Did you know: system security evaluation process at the DoD, USA

The DoD was using a directive that was developed between 1977 and 1981. It was published in 1983, and the latest update came out in 1986. In 2002, 21 years after it came into effect (!), it was cancelled by another DoD directive, and in 2005 they switched over completely to a civilian industry standard (Common Criteria).

Yep, I've started working on my doctorate. This information is really dry, but in a certain fashion it is fascinating. The 30-year-old DoD directive I'm reading right now still sounds frighteningly up-to-date. Has nothing fundamental happened in the last 30 years in developing secure software systems at all?


In case you're interested in the topic and feel like reading the articles, check these links out:
  1. DoD 5200.28-STD: Trusted Computer System Evaluation Criteria
  2. Army Regulation 380–19: Information Systems Security
  3. Common Criteria for Information Technology Security Evaluation
