600.436 High-Assurance Systems
Fall 01/Introduction
3
Two Paths to Assurance
¨Unconstrained search for vulnerabilities
–Intrinsically subjective
–Depends entirely on evaluator competence & credibility
–No completion criteria
¨Compliance Validation against established requirements
–Can be repeatable and reproducible and thus somewhat objective
–Depends on both evaluator competence & credibility and use of specified compliance validation approach
–Clear completion criteria