Bingo! Well, a mix of Windows, Linux (esp Red Hat), and Solaris (optionally with trusted extensions). All low-assurance operating systems with history of 0-days plus current ones for at least Windows and Linux. It's not like they didn't know it was coming. High-assurance field, including pioneers in INFOSEC, warned them over and over.
Bad news is they have methods today that work better that they could build on. They recently canceled them in favor of a new program with something like a 90-day evaluation. Something short. I remember reading the protection profiles to find the assurance argument required is EAL1: one so low we thought they'd cancel it. Things will only get worse.
Bingo! Well, a mix of Windows, Linux (esp Red Hat), and Solaris (optionally with trusted extensions). All low-assurance operating systems with history of 0-days plus current ones for at least Windows and Linux. It's not like they didn't know it was coming. High-assurance field, including pioneers in INFOSEC, warned them over and over.
http://lukemuehlhauser.com/wp-content/uploads/Bell-Looking-B...
http://hack.org/mc/texts/classic-multics.pdf
https://web.archive.org/web/20040214043848/http://eros.cs.jh...
Bad news is they have methods today that work better that they could build on. They recently canceled them in favor of a new program with something like a 90-day evaluation. Something short. I remember reading the protection profiles to find the assurance argument required is EAL1: one so low we thought they'd cancel it. Things will only get worse.