Developer's view on software components evaluation

Abstract:

The application of Common Criteria evaluations is not quite uniform at the moment. It is well understood that a "product" may be evaluated and receive a certification. Later, this product may become part of a secure system. The systems are mostly not evaluated. Neither are the smaller parts – components of the products. This paper explains the developer's view on the evaluation of components of the product, especially the software components.
Essentially, the developer would like to see the evaluations performed more uniformly starting from components and all the way to the system level. Due to the complex nature of the software when compared to the hardware this requirement is more essential for software components of a products. The discussion centers on the smart card software and the ways to ensure the security of the final product through the use of certified software and hardware components.