@inproceedings{e8b16d1fde1f4defb55d6082c321c595,
title = "A quantitative analysis of common criteria certification practice",
abstract = "The Common Criteria (CC) certification framework defines a widely recognized, multi-domain certification scheme that aims to provide security assurances about IT products to consumers. However, the CC scheme does not prescribe a monitoring scheme for the CC practice, raising concerns about the quality of the security assurance provided by the certification and questions on its usefulness. In this paper, we present a critical analysis of the CC practice that concretely exposes the limitations of current approaches. We also provide directions to improve the CC practice.",
author = "S.P. Kaluvuri and M. Bezzi and Y. Roudier",
year = "2014",
doi = "10.1007/978-3-319-09770-1_12",
language = "English",
isbn = "978-3-319-09769-5",
series = "Lecture Notes in Computer Science",
publisher = "Springer",
pages = "132--143",
editor = "C. Eckert and S.K. Katsikas and G. Pernul",
booktitle = "Trust, Privacy, and Security in Digital Business (11th International Conference, TrustBus 2014, Munich, Germany, September 2-3, 2014. Proceedings)",
address = "Germany",
note = "conference; 11th International Conference on Trust, Privacy, and Security in Digital Business; 2014-09-02; 2014-09-03 ; Conference date: 02-09-2014 Through 03-09-2014",
}