Information Security News mailing list archives
Security limits Linux in government
From: InfoSec News <isn () C4I ORG>
Date: Wed, 2 Aug 2000 05:14:35 -0500
http://www.fcw.com/fcw/articles/2000/0731/web-linux-08-02-00.asp BY Bruce Tober, LinuxWorld 08/02/2000 RELATED LINKS The biggest threat to Linux becoming the software of choice in government circles is that there is no third-party verification, certification or evaluation of it, Linux devotees were told last month. The operating system also fails to meet Common Criteria (CC) requirements an international agreement and protocol regarding security criteria according to Linda Walsh, a member of Silicon Graphics Inc.s Trust Technology group. Walsh spoke at the U.K. Unix User Group Linux 2000 Developers Conference held July 7-9 in London. "Functionally, Linux lacks the ability to audit [all security-relevant events] to meet the functional requirements of the Common Criteria Controlled Access Protection Profile," Walsh said. Linux lacks security procedures to specify which users are allowed to send or receive information from others, she added. "Governments require assurance and third-party evaluation of trusted systems before they will consider them safe to store or process government data," she said. Nevertheless, France reportedly is close to passing a law making open-source code specifically, Linux obligatory for applications used by the governments computer systems. Walsh speculated on the U.S. governments wariness about Microsoft. "The fact that [Windows] is closed source and [the government is] at the mercy of such a large and dominant vendor such as Microsoft would seem to be a national security risk," he said. ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Security limits Linux in government InfoSec News (Aug 02)