NIAP

  1. Version 1.2 of the Application PP

    On October 25 version 1.1 of the Application Software Protection Profile (PP_APP) will sunset. It is being replaced with PP_APP version 1.2. Like its predecessor PP_APP 1.2 is aimed at mobile, server and desktop application software. It is meant to be used in conjunction with Extended Packages (EPs) for more specialized applications. EPs that currently Read More…

  2. The Email Client EP

    The email client extended package (EP) hasn’t received much attention since it came out. Originally released as a stand-alone protection profile (PP) in 2014, it was rewritten as an EP for the Application Software PP in 2015. At this point it has been out for over a year without any evaluations on the Product Compliant Read More…

  3. Revisiting W^X with OpenBSD 6.0

    Overview OpenBSD 6.0 was released today, and with it some exciting new security features.  From my perspective, the chief among them is the technical enforcement of W^X in user-land. Since moving to a technical control rather than a policy statement for enforcing executable space protection was a result of discussions caused by my last blog Read More…