Thanks Patrick, > Assuming "security+evaluation" refers to Common Criteria, Common Criteria is one, but not necessarily the only type of security evaluation. Often times organizations with resources will perform an evaluation against its own standards before adopting or accepting a system. I was hoping the project had an evaluation from past reviews it could share.
> Re "asterisk+architecture", Asterisk Security related best practices are > described here: > http://svn.asterisk.org/svn/asterisk/trunk/README-SERIOUSLY.bestpractices.txt Ah, OK thanks. Is there anything that includes the development process? I'm interested in the secure development items and testing. Jeff On Sat, Jul 26, 2014 at 9:18 AM, Patrick Laimbock <[email protected]> wrote: > On 26-07-14 14:23, Jeffrey Walton wrote: >> >> Does anyone know of Security Architecture or Security Evaluations >> documents that I could read? >> >> Searching is turning up no hits. For example, >> http://www.google.com/#q=security+evaluation+site:asterisk.org and >> http://www.google.com/#q=security+architecture+site:asterisk.org. > > > Assuming "security+evaluation" refers to Common Criteria, I'm not aware of > any Common Criteria initiatives in relation to Asterisk (nor FreeSWITCH, > OpenSIPS, Kamailio, Yate or any other Open Source VoIP project I'm aware > of). Asterisk is a toolbox with many flexible building blocks and not a > product like Cisco CallManager with pre-defined features set in stone. As > such it doesn't really make sense to get Asterisk certified, if possible at > all. It would be like trying to certify C or Python. If EALx certification > is your requirement then have a look at the CallManager as iirc it's EAL1 > certified. > > Re "asterisk+architecture", Asterisk Security related best practices are > described here: > http://svn.asterisk.org/svn/asterisk/trunk/README-SERIOUSLY.bestpractices.txt > -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
