Red Hat Pushes For CC Certification By Year's End
Ridgelift writes "This article indicates Red Hat Linux is about to receive certification under the Common Criteria (CC) Scheme worldwide. This has been a long road for Red Hat, and 'once successfully certified in the UK, Red Hat products will be recognised as certified and approved by information security agencies from all 19 countries participating in the Common Criteria program.' This means Red Hat will sit alongside Sun Solaris, HP-UX and IBM's AIX."
Damn, just when I thought the certification had some value!
Engineering is the art of compromise.
Red Hat couldn't have pulled this off without technology stolen from SCO. It's a known fact that SCO owns IP on everything that makes linux useful.
drip...drip...
Excuse me, I've got sarcasm dripping from my chin...
Its pretty well common knowledge in the security community that Microsoft paid for that certification.
While I can't remember if it was specifically Windows 2000 with the Common Criteria or Windows NT with the Orange Book Cert, I do remember that the system configuration which won them the cert was with no network connection, no floppy drives, and no CDROM drives on the box that was tested. In essence, no non-keyboard input methods. (They couldn't guarantee the OS would stay clean long enough to get the cert.)
Basically, the certification was useless as soon as you configured the box to do any useful processing on the machine. Then again, many would say that is the same of Windows itself.
--Storm
Microsoft: This is WinME, we claim it is shit.
CC Official:sniff, sniff. Yep, sure is. Stamp!
Engineering is the art of compromise.
"Common Criteria is about validating that the OS/Firewall/etc. etc. does what the VENDOR says it will do."
Microsoft: "This operating system has numerous vulnerability exploits and poor compatability with old drivers and applications."
CC board: "Well, whaddaya know, so it does!"