The United Kingdom has also developed a number of alternative systems that show that the delays, costs and overheads of mutual recognition hinder the functioning of the market: in a 2006 research, computer scientist David A. Wheeler suggested that the commona criteria process discriminates 1.00 open-source and open-source (FOSS) organizations and development models. [6] Common Criteria`s general selection requirements are generally inspired by the traditional method of developing stunt software. On the other hand, many FOSS software are produced with modern agile paradigms. While some have argued that the two paradigms are not well coordinated,[7] others have tried to reconcile the two paradigms. [8] Jan Kallberg, a political scientist, expressed concern about the lack of control over the actual production of products once certified, the lack of a permanent body to monitor compliance with these products, and the idea that confidence in Common Criteria`s computer security certifications should be maintained beyond geopolitical boundaries. [9] CC is the engine of the broadest mutual recognition of secure computer products. This web portal provides information on the state of CCRA, CC and certification systems, licensed laboratories, certified products and related information, news and events. The evaluation process also attempts to determine the trust that can be placed in the product security features through quality assurance processes: several versions of Microsoft Windows, including Windows Server 2003 and Windows XP, have been certified, but security patches to create security vulnerabilities are still published by Microsoft for these Windows systems. This is possible because the common Criteria certification process allows a supplier to limit the analysis to certain safety features and to make certain assumptions about the operating environment and the strength of the threats to which the product is exposed in that environment. In addition, the CC recognizes the need to limit the scope of the assessment in order to provide low-cost and useful safety certifications so that the products evaluated are reviewed to a level of accuracy defined by the level of reliability or the PP.
Evaluation activities are therefore conducted only to a certain degree of depth, use of time and resources and provide adequate security to the environment envisaged. The German system for certifying the common criteria of the Federal Office for Security in Information Technology (OSI) has defined in its system, in the national and European context, its policy for the use of collaborative protection profiles (CPPs), taking into account the ratification of the revised CCRA. International mutual recognition of certificates under the terms of the CCRA is based on assessments that require compliance with CPPs or rating insurance standards 1 to 2. SOGIS-MRA members mutually recognize certificates up to Level 4 or higher insurance assessment for defined technical areas. BSI continues to work on a protection profile for operating systems run on server and desktop systems. These packages and their extended packages are submitted to an international working group. The aim is to enable product safety based on market security needs. Insurance stems from the operating environment of the systems and the need to protect the data processed. Operating systems are basic technologies, some of which are used in sensitive areas.
