Friday, June 18, 2021

Linux Goes Under Security Microscope

With doubts lingering over the stability and security of the Linux operating
system, three tech heavyweights on Thursday announced plans to seek federal
certification for the fast-growing open-source OS.

The three firms — IBM Corp. , Oracle
and Red Hat IBM, which has banked
heavily
on mainstream acceptance of Linux, said it would work with the
open-source community to enter the Common Criteria certification
process
early this year. IBM’s plans include winning federal
certification for Linux at increasing security levels through 2003 and 2004.

Through its Linux Technology Center, IBM said it would invest heavily to
enable Linux for Common Criteria certification across its eServer platforms,
and will fund initial evaluations in 2003.

Common Criteria certification for Linux is seen as a crucial first stem
to win commercial approval for Linux among government clients. The U.S.
federal government CC approval for any IT product used in national security
systems.

IBM’s move comes on the same day Oracle and Red Hat announced plans to
submit the Red Hat Linux Advanced Server for a Common Criteria (ISO 15408)
evaluation at Evaluation Assurance Level (EAL) 2. Red Hat, which dominates
the market for Linux, said the move would enable security-conscious
customers in both the public and private sector to procure an evaluated
Linux platform and run
their enterprise software on a secure Linux operating system.

“In the future, Oracle and Red Hat intend to work toward achieving
higher-level security evaluations of the Linux operating system,” the
companies said in a joint statement.

By submitting Red Hat Linux Advanced Server for evaluation, the two
companies hope to dispel concerns among potential customers looking for a
reliable alternative to Microsoft’s Windows operating
system.

“Further, systems integrators and independent software vendors, and
independent hardware vendors will benefit from the evaluation by being able
to provide a competitive offering on the Linux platform to potential
customers who require evaluated products,” the companies said.

Once the CC scrutiny is complete, Oracle and Red Hat said the security
evaluation would be made available to the larger open-source community to
allow Linux providers to distribute an evaluated Linux operating system.

The long-term aim is to get Linux to comply with the U.S. government’s
security policy directive, NSTISSP (National Security Telecommunications and
Information Systems Security Policy) number 11, which requires independent
security evaluations for products used in national security systems.

Similar articles

Latest Articles

GDPR Compliance & Requirements...

The General Data Protection Regulation (GDPR) has positioned itself as one of the strictest laws for the privacy of consumer data, and it's still...

HIPAA Compliance & Regulations...

The Health Insurance Portability and Accountability Act (HIPAA) is one of the most well-known pieces of legislation in health care and related industries. But...

Top Data Visualization Tools...

The amount of data generated and consumed by organizations is growing at an astounding rate. The total volume of data and information worldwide has...

The Data Capture Market

Data capture is the process of collecting, ingesting, or otherwise acquiring structured and unstructured data and either converting it into a data format usable...