Frequently Updated TOEs. Is Continued Assurance Possible? (S30a)
We live in a high-speed world. Some security products have to change daily, to provide reliable security functions. Operating systems have to apply patches for their and 3rd party libraries, to fix vulnerabilities and problems. All this aligns rather poorly with the concept of fixed certified TOE. Certain workarounds exists now but is there a way we can create a process that merges evaluation and development, and reduce time-to-deployment for certified fixes to days instead of months? The speaker will present some options of how this can be possibly done.