commoncriteria / application

Protection Profile for Application Software
The Unlicense

Consensus on required privileges #52

Closed kgal closed 9 years ago

kgal commented 9 years ago

Microsoft and Acumen (and others?) question whether FDP_DEC_EXT.1.3 requiring evaluators to make a judgement on whether an application needs all the privileges it requests is too subjective. It is subjective, but we don't really have another way. Are we standing by this?

zsmi commented 9 years ago

Have you looked at the comment from Citrix on this issue? I think they make a good point on how this can be changed to not be subjective.

kgal commented 9 years ago

Changed such that developers must provide justification and evaluators must check justification.