Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

IBM earns Linux certification

From: InfoSec News <isn () c4i org>
Date: Thu, 7 Aug 2003 02:34:44 -0500 (CDT)
Forwarded from: William Knowles <wk () c4i org>

http://www.fcw.com/fcw/articles/2003/0804/web-linx-08-06-03.asp

By Rutrell Yasin 
Aug. 6, 2003

The door just got a little bit wider for Linux to be used by 
government agencies for mission-critical systems now that IBM Corp. 
has earned security certification for the open-source operating 
system.

IBM and SuSE Inc. Linux have achieved Common Criteria security 
certification for SuSE Linux Enterprise Server 8 running on IBM 
eServer xSeries. The Common Criteria are internationally recognized 
standards used by the federal government and other organizations to 
assess the security of technology products.

"Definitely one of the obstacles that blocked lots of government folks 
from using Linux" has been removed, said John Pescatore, a vice 
president at Gartner Inc. Now Linux will be used more often for vital 
systems, he said.

The current level of security in Linux has been sufficient for IBM's 
150 government users that have deployed the open-source operating 
system, said Scott Handy, director of Linux software solutions for 
IBM. Many of those customers use Linux as an alternative to Microsoft 
Corp's. Windows operating system to run general-purpose office 
applications. But some have more stringent security requirements, 
which IBM can now meet by earning Evaluation Assurance Level 2 (EAL2) 
certification, Handy noted.

The certification is a milestone because "many thought open-source 
[software] could not pass the [rigorous testing] of the Common 
Criteria," Handy said.

IBM and SuSE have applied for a higher level of security certification 
for Linux, the Controlled Access Protection Profile with EAL3 that 
will be available for IBM eServers. By year's end, the companies also 
expect to meet the Defense Department's Common Operating Environment, 
a set of military requirements for technology products.

 

*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
================================================================
Help C4I.org with a donation: http://www.c4i.org/contribute.html
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.
Previous By Date Next
Previous By Thread Next

Current thread: