Cyber Security Institute

Friday, September 24, 2004

Linux firms join forces on security

A consortium including Mandrakesoft, the Paris-based Linux seller that recently exited bankruptcy protection, has won a three-year contract worth 7m euros to improve Linux security.

Mandrakesoft, joined by Bertin Technologies, Surlog, Jaluna and Oppida, will boost Linux so it meets the Evaluation Assurance Level 5 (EAL5) of an internationally used security certification called Common Criteria, the companies said onThursday.  The certification is particularly important among military and government customers; the French Ministry of Defence is funding the project.

The EAL5 certification level is significantly higher than what current versions of Linux have attained.  Red Hat reached EAL2 in April and EAL3+ in August, while Novell’s SuSE Linux reached EAL3+ in January.  Those companies, which dominate the commercial market for the open-source operating system, are working on higher certifications in conjunction with IBM and Oracle.

Mandrakesoft will release the fruits of the work as open-source software when the project is done, the company said.

Microsoft’s Windows, Sun Microsystems’ Solaris, Hewlett-Packard’s HP-UX and IBM’s AIX all have EAL4 certification.

EAL5 certification is rarer; one company to attain it is IBM, with the technology that lets its z900 and z990 mainframes be divided into independent, isolated partitions.

http://news.zdnet.co.uk/0,39020330,39167716,00.htm