hallam@w3.org writes:
I think that c2 is possibly the limit of orange/red bookishness that is reasonable to work to. It is not a trivial level of security however, UNIX despite all the claims has never been shipped as C2 secure as standard by a mainstream vendor. Even requirements involving trivial effort but which are extreemly important such as the writing of a users security guide have never been taken seriously on any of the UNIX platforms on which I have worked.
A slight correction: SCO shipped the C2 version of their Open Desktop 1.1 as the standard (in fact, only) version a few years back. The howls of outrage from their customer base (due to the non-standard-Unix behavior) caused them to back off in the next major release. Last time I tried to install their software, C2 had been made an option. (Of course, AFAIK, they never actually completed a C2 evaluation.) -- Jeff