My colleague, Eric Bidstrup, has posted a thought provoking commentary about the Common Criteria. I think it’s fair to say Eric is simply voicing what a great many people think about the (lack of) value of CC.
I think I’m a girl-elf in this, however!
David has an interesting counterpoint post to my SDL post this morning. As expected he makes some valid observations.
I just posted an article about the SDL goals over on the SDL blog. http://blogs.msdn.com/sdl/archive/2007/12/17/security-is-not-all-about-security-updates.aspx