by Yukie Higaki (Illustrator), Wesley Hisao Higaki (Author)
The Common Criteria may be one of the best kept secrets of the computer security world. It was designed to provide customers assurances that the products they purchase have met a level of security. It is an international standard ISO 15408, but its arcane nature and complex process have been adopted primarily by governments. Commercial product vendors wishing to sell IT product to these governments are faced with learning this exotic language and navigating its labyrinthian evaluation process. This book provides practical guidance based on years of real-world experience to vendors brave enough to venture into this realm.Learn how to: - Interpret the Common Criteria language and requirements- Prepare for and navigate through the product evaluation process- Create effective evidence documentation- Avoid the pitfalls that waste time and money- Follow the best practices from the expertsThis book is a "must read" for anyone who needs to execute successful, efficient, cost-effective Common Criteria product security evaluations.
Author Biography
Wes Higaki is the chair and co-founder of the Common Criteria Vendors' Forum (CCVF). The CCVF is an informal group of individuals that work for commercial product companies. They gather to discuss issues and to serve as the "voice of industry" to the Common Criteria development process. As the former director of the Software Assurance, Wes coordinated the efforts of Symantec Corporation to ensure the secure development of software products. This included managing the company's internal secure software development and test training, threat modeling and penetration testing. He also oversaw the vulnerability management function that ensured that vulnerabilities discovered in Symantec products were quickly and efficiently corrected. He served as a spokesman addressing software assurance issues and has been an invited speaker at several conferences. Finally, he was responsible for product certifications to provide customers additional assurance through independent third-party evaluations. He oversaw all of Symantec's Common Criteria, FIPS-140 certifications and ICSA testing. He had led a working group through the National Cyber Security Partnership to develop plans to improve the Common Criteria by working with industry and Government. He co-led the Product Certifications working group in the International Technology Association of America (now TechAmerica). He represented Symantec on the SAFECode technical committee and the Computer Security Industry Alliance (CSIA - now part of TechAmerica). Wes has over 30 years of technical and managerial experience in the software industry. He was with Symantec since the December 2000 acquisition of Axent Technologies where he was an engineering director. Prior to Axent, Wes worked for over 20 years in R&D at Hewlett-Packard Company including 7 years at Hewlett-Packard Laboratories. Wes received a Bachelor of Science degree in mathematics from the University of California, Davis and a Master of Science degree in computer science from the University of Santa Clara.