On March 7, 1991 we installed the ConvexOS/Secure operating system. The FEL
was the ß-test site for this operating system version. We gave reports
on regular basis on our findings. A number of security problems and leaks were
found by us and reported to Convex for correction. The culture differences between
the US and Europe became very obvious in this process. Security problems that
we found in the networking area with telnet and ftp were not solved. The Trusted
Computer System Evaluation Criteria (TCSEC)
C2-security level required only a secure batcjh environment ("no terminals attached").
Our mindset is one in which all related security problems have to be solved
whether or not the formal TCSEC evaluation requires this or not.
By the way, one of the security holes we found in ftp was corrected by various computer vendors after we reported it to them giving a solution at the same time. Early 1998, the problem was reported to the secure-ftp working group of the Internet Engineering Task Force (IETF).
The CONVEX C220 mini-supercomputer with two CPUs;
later expanded to a C230 with three CPUs.
In September 1992, we accepted the C2-secured version of the Unix operating system. In October 1992, we presented our findings and experience with security and ConvexOS/Secure to the first European Convex users conference which was held in Hamburg, Germany.