Jim Thompson wrote:
> On Mar 23, 2005, at 12:04 PM, Sancho2k.net Lists wrote:
>> Chris Buechler wrote:
>>> If anybody is willing to pay the $25K USD per classification per year
>>> to certify it, I'm sure it could be done. The only certified
>>> firewalls on their list  are commercial, since no open source
>>> project has the cash for certification.
>> Or since no one really cares?
>> I see too many products on their list that meet their criteria that I
>> wouldn't touch with a 40-foot pole. It reminds me of the security
>> criteria that OS vendors are expected to meet in order to be certifed
>> on one of the U.S. government's various security safe lists. When I
>> don't see BSD on the list but I do see Windows 2000 I have a hard time
>> taking it seriously.
> ICSA is one of those remnants of the "firewall wars", circa 1995 or so.
> (Netgate was originally the name
> of the firewall/ipsec product that smallworks(.com, now my blog) produced.)
> Likely that if you want to sell to corporations, you'll want it. If
> you're inside the corp, deploy m0n0 (or pfsense) and be done with it.
I was the one who started the movement to have m0n0 ICSA certified
sometime ago. I got all the specs needed by ICSA and developed a bunch
of patches to make m0n0 (1.1) get it. The problem was discussed a lot in
this mailing list. I had the money to start it (U$ 50k), but to
acomplish that, there should happen some modifications on the project
directions, and Developers didn't want some of them. My intent never was
to start a new fork, so I gave up.