Martin <not-for-mail@example.com> wrote:
> The problem is that some customer projects have regulatory constraints that
> *mandate* the use of Common Criteria certification.

Which regulatory constraints are they? I've worked on a number of products
that have been CE and FCC (among the other usual suspects) approved, but I
can't say I ever encountered ``Common Criteria'' in the relevant bibles.

> So not only must the OS be secure, but also the project must show the
> regulator that all required security functionality has been tested by a
> certified external assessor. The problem here is cost, especially if no
> previous BSD release has been evaluated in this way before.

Approval is expensive... BSD is a Unix-style operating system. Many of the
operating systems you mention that have been approved derive more or less
substantial portions of their code from BSD. Since BSD has not been standing
still since those derivations happened, I would be quite confident that BSD
would be pass approval provided some details are checked.

- Philip

--
Philip Paeps Please don't email any replies
philip@paeps.cx I follow the newsgroup.

Mynd you, m00se bites Kan be pretty nasti ...
"Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD