Slashdot Mirror
Red Hat, Oracle to get Gov't Certification for Linux
Mark writes "As this news.com article states, 'Red Hat and Oracle plan to announce on Thursday that the companies have teamed to get Linux evaluated under the Common Criteria, a certification that could open doors for the broader use of open-source software by government agencies.' It looks like this will be an important step in getting Linux to be more widely adopted in governments around the world."
It's good to know the US Government is catching up technologically with the Germans...again...
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
Thanks for being frank. This should be a wake-up call for all slashdot users.
--sex
Very popular slashdot journal for adul
"We are going to use Unix and Linux as the evaluation platforms for our products in the future, and not Windows, because the customer demand for Windows is not there," she said. "Frankly, there is a fair amount of disenchantment with Microsoft products because of security problems." ... said Mary-Ann Davidson, chief security officer for Oracle.
Wow. I knew Larry hated Bill and MS, but I sure wouldn't have expected this! Or is he just conceding the Windows server database market to Bill and trying to grow the Linux market on the low end + the UNIX market at the higher end?
Hmm...
the no
And the world can see what the DoD are using. I'd love to submit patches to the armed forces.
http://pcblues.com - Digits and Wood
RHAS is free...They don't provide an iso for you, but check their website, they do provide step-by-step instructions on how to "create" a RHAS installation for free.
But for those that want service and don't want the hastle of putting all the pieces together they also provide a nice package.
As far as windows a bargain, how much does quality node-balancing software cost (~$500), Quality Firewall (~$300), Advanced Server ($750), I could keep going but I think you get the picture. If you don't need HA then RHAS isn't a great deal, but then again if you do, MS doesn't have a competive product...say what you want about 2000&XP (big improvement over NT&9x), you can't call them HA.
BTBTBT
scooby
The companies plan to first push Red Hat Linux Advanced Server for a modest level of certification: Evaluation Assurance Level (EAL) 2.
Sheesh... How much pushing does RHAS need?
Sometimes that all a company look's at is certification levels. I have a friend that runs a software development company. They cannot get any big jobs because they lack a software process certification. It does not say that they are great programmer's or effective, it just says, "Hey we went through this process and this is the type of service that we provide."
It is is the same thing with certain types of software. If you don't have the correct certification, certain agencies and businesses cannot even consider doing business with you. They would not go through these hoops if they don't not believe that they would get somewhere
The Common Criteria is of the fashion:
"I have this product. I am going to tell you what it does in a security-related context. You can take this checklist, test my product, and certify that it does in fact do these things."
There is no security implied by the certification. It is a recommendation from the vendor of what the product is best used for when the customer is shopping for products to do certain security-related tasks. The vendor makes the checklist, a third party says "yay" or "nay", the customer says "i need a product that does X, Y, and Z. Windows does X, HP-UX does X and Y, and this one all three, plus it will help my sex life". Or something similar, anyway.
These things can be as simple as "userA cannot access userB's files" to "enforces complex passwords" to "has the biggest crazy ass firewall known to man". Well, maybe not that last one...
Now y'all can go back to shootin' your mouths off.
--mandi
This is not a dupe. The story from yesterday is about how the DoD has certified RedHat server as a common operating environment. This story talks about how IBM and Oracle are attempting to get Linux certified on a wider federal level so that agencies can be permitted to use it. They are two different certifications and two different issues and hence two different stories.
I'm always amazed by the number of clarivoyant slashdot users we have around here who don't need to read a story before posting...
If religous zealots don't believe in Evolution, then why are they so worried about bird flu?
The quality of the test doesn't matter at all - if MS passed, it could have been better. But that doesn't make it any less interesting to have Linux pass the test to show those who really (have to) use such certifications in decision-making that Linux is an option.
People that have to make such decisions are also a lot safer by choosing certified products; if something goes terribly wrong, you can always say that the product you choose was has some "official" certification upon which you based your decision and you're pretty safe. If it goes wrong and you don't have any such paperwork to fall back on, you're definately in a much weaker position explaining why you didn't choose the "safer" product to someone that doesn't know the difference between product A and product B and only sees "product A is certified, product B isn't". It's just that maybe you and I know that Linux is often a better choice but an incredible lot of other people don't.
0x or or snor perron?!
Yesterday's article was about RH 8 AS getting DISA (Defense Information Systems Agency) DII (Defense Information Infrastructure) COE (Common Operating Environment) certification. Todays' certification article-o-the-day is about RH 8 AS getting Common Criteria EAL (Evaluation Assurance Level) 2.
Yeah, to the uninformed, it looks the same. But (A) DII COE is specifically a US DoD certification, whereas CC EAL is an international certification (administered in the US by NIST--National Institute of Standards and Technology); and (B) The article about RH's EAL certification also extensively yatters on about Oracle 9i, whereas the RH COE article doesn't.
So in conclusion, this is an erroneous dupe sighting. Nothing to see here, move along.
Welcome to the Panopticon. Used to be a prison, now it's your home.
um, the NSA has already modified linux (the kernel) so that it will meet their standards. redhat is named as a tested distro...see this for details. The biggest problem is that the US government seems to think that they must rely on M$ software (in the unclassified environment at least) for things like exchange and ease of use for the "typical" user.
this is simple posturing at it's finest. of course...the government's high performance systems (read clusters) aren't running windows anyway. this won't change anything.
-frozen
I'm not always the brightest pixel in the stream
This is a good thing as the US DoD uses ADA95 for most everything AFAIK and the GNAT compiler works just dandy with Linux. This is what DoD needs, an inexpensive, yet totally robust system which they can put unleash the military programmers on.
A good example is BRL-Cad which is available for free download by US Citizens. This is a nice OpenGL capable solid modeler, somewhat clunky, but probably better than any other free CAD program available for Linux right now.
I'm a veteran of the US Military, and I think that Linux is a great choice for them, since they have the capability to provide cheap, effective, and efficient training about their computer systems to all the members of the armed forces. The US Military could easily train several million service personnel to be effective Linux programmers in a quite short period of time.
And of course, as a taxpaying citizen, I want my armed forces buying the best weaponry, not lining some 2-bit computer software vendor's pockets, especially when those vendors undermine the rights of the citizens by channeling that money back into lobbying for laws like the DMCA.
This is where RedHat shines. I use Debian myself, but Debian is too chaotic to apply for these certifications; however, RedHat could make a killing by supplying the US Government their software, and since Linux is Linux is Linux, this gives my government the state of the art software: it is secure, it is robust, it is inexpensive, and it is the best development environment in the world!
Clickety Click
I worked for an ISO9002 certified company before (York International) and my boss told me the crap behind the cert with ISO also. Basically companies won't do business with you if you're in manufacturing and don't have your ISO cert. The only thing ISO really requires is that your processes are fully documented in specific ways. You could build a product that doesn't fuckin' work and still be ISO certified as long as the docs are there.