Red Hat, Oracle to get Gov't Certification for Linux
Mark writes "As this news.com article states, 'Red Hat and Oracle plan to announce on Thursday that the companies have teamed to get Linux evaluated under the Common Criteria, a certification that could open doors for the broader use of open-source software by government agencies.' It looks like this will be an important step in getting Linux to be more widely adopted in governments around the world."
"We are going to use Unix and Linux as the evaluation platforms for our products in the future, and not Windows, because the customer demand for Windows is not there," she said. "Frankly, there is a fair amount of disenchantment with Microsoft products because of security problems." ... said Mary-Ann Davidson, chief security officer for Oracle.
Wow. I knew Larry hated Bill and MS, but I sure wouldn't have expected this! Or is he just conceding the Windows server database market to Bill and trying to grow the Linux market on the low end + the UNIX market at the higher end?
Hmm...
the no
Sometimes it takes something that has a drastic economic impact for people to seriously look at alternatives. Linux is gathering momentum at just the right time, I believe. Everyone has financial problems, and is looking for cheaper alternatives. Linux packages are hitting that point which says "We're professional software." These sorts of certifications add reinforcement to that reputation.
Linux has a bright future ahead.
They are working together to convince a potential customer that their collective product is worth buying.
Getting the US Government to start buying Linux-based solutions gives them more potential customers. I would guess that it is a given that if it is certified for government use at the federal level, it becomes a legitimate product for the state governments as well.
Besides, how is this different from say, IBM and Sun working together to promote Java?
END COMMUNICATION
Isn't this the same thing we criticised [slashdot.org] when Microsoft was certified and ...
Isn't this practically the same post that got modded up the first time we saw this article?
Isn't this the same question that someone asked when the same story was posted yesterday?
The answer remains unchanged 24 hours later. No, it's not the same certification.
Hmmmm...duped question for a duped article from someone thinking that there's such a thing as "taking it a bit too far" when it comes to MS bashing on SlashDot.
Dude, stop drinking that decaf stuff -- it's obviously slowing your cognitive processes down. Take two espressos and try again in the morning. (If you're lucky, this article'll be posted for the third time by then. :-)
A marriage is always made up of two people who are prepared to swear that only the other one snores.
If Outlook, SQL Server, IIS or any other Microsoft product which has been riddled with holes has been certified, I'd say this isn't much of an endorsement. If Microsoft hasn't achieved any such certification for the products listed above, then you have a point about it opening doors.
For good and for bad (for Microsoft in particular) they are the benchmark for software as a commodity. Expect some writhing in the vicinity of Redmond.
A feeling of having made the same mistake before: Deja Foobar
The article is very short on details, though. Starting small (EAL 2) is probably a good idea - especially since I know of no open source software / Free Software that's gone through a full, normal Common Criteria evaluation (so it would be a first test case). EAL 4 only measures the evaluation effort - it doesn't specify what security functions will be evaluated (nor what threats, assumptions, organizational security policies, configuration, etc. will be used). Hopefully Oracle and Red Hat will include security functions based on a widely-accepted "Protection Profile" (a document that specifies what the users want, including the threats to be countered and the security functions that need to be provided). Currently, the U.S. DoD strongly encourages only purchasing products that have been evaluated to meet not just an EAL level, but meet a "government-approved" PP.
Evaluations are specific to a particular configuration, so this would mean that those who need the evaluated version would need to get the Red Hat distribution named here - not the inexpensive version used by many. That's a side-effect worth noting.
- David A. Wheeler (see my Secure Programming HOWTO)
The NT crap comments arose because NT only got its CC certification _without_ a network connection.
And as for the other point, wouldn't level 2 be a step towards level 4? Ya gotta start somewhere, and level 2 opens a lot of doors.
Huh?
1. RHAS is free. The added professional services cost $800 but the whole CD is GPL. Read this (http://www.redhat.com/software/whichlinux.html):
2. A Windows Cluster with SiteServer and SQL Server can cost upwards of $20,000. I don't see how this is a "bargain" compared to $800.
Many questions, no answers.
Less is more !