Trusted systems are systems that have been certified to meet
some set of standards with regard to their design, implementation, and
operation. Examples include systems and components approved by a
certification body under a published criteria and standard implementations
used for a particular purpose within a particular organization. While these
systems tend to have more effective protection than systems that are less
standard and not certified, the aura of legitimacy is sometimes unjustified.
Complexity: The certification process introduces substantial complexities
and delays, while the advantage of standardization comes from an economy of
scale in not having to independently verify the already certified properties
of a trusted system for each application.
fc@red.a.net