RE: PD 0126: Administrator-entered Code Used To Meet SFRs
On Fri, 14 Apr 2006 13:38:54 -0400 (EDT), "Williamson, Robert L. Jr."
<ROBERT.L.WILLIAMSON.JR@saic.com> said:
> In my opinion, there is a greater risk with the first scenario than with
> the second one. So why is the first acceptable and the second some sort
> of slippery slope? Furthermore the fact that there is a slippery slope
> concern, shouldn't this ultimately be a team decision?

I think these are some key points. But sometimes when you say "team decision",
the question arises: what team? Ideally, the evaluation team and the
validators are in agreement, but sometimes they read the same words
differently. When that happens, an OR is created and the issue is raised for
resolution. That's what happened here.

> This discussion sounds like TPEP all over again. I remember multi-year
> evaluations that took 4, 5, 6, years or longer; and endless debate was a
> time contributor. Well we all know what happened to TPEP, so maybe CCEVS
> will solve the problem of long debates that cannot point to the
> requirement that is being debated in the same way.

Luckily, the debate you are seeing is independent of the resolution for the
evaluation. The OD gives the answer for that evaluation. The PD is simply an
attempt to get the long-term answer right, and I think all the contributions
to this discussion are providing useful information.
Daniel