Red Hat Pushes For CC Certification By Year's End

Ridgelift writes "This article indicates Red Hat Linux is about to receive certification under the Common Criteria (CC) Scheme worldwide. This has been a long road for Red Hat, and 'once successfully certified in the UK, Red Hat products will be recognised as certified and approved by information security agencies from all 19 countries participating in the Common Criteria program.' This means Red Hat will sit alongside Sun Solaris, HP-UX and IBM's AIX."

Re:Windows 2000 is certified as well

[calebtucker]

Yeah, I kinda scratched my head when I saw a microsoft O/S at EAL4+. I think the CC is more about validating the core of the operating system. As you add more software to a system, it's going to become more vulnerable (*cough* IE, outlook, IIS *cough*).

Re:Windows 2000 is certified as well

[Jeremiah+Cornelius]

CC is restricted to VERY specific implementations.

No deviation is allowed from the exact hardware, software and network configuration that is the certification target. Yes, this includes additional security patches. That would constitute a new platform for certification - at an additional expense of may hundreds of thousands USD.

I suppose that it makes a decent benchmark of sorts. Still, its mainly a diligence measure for getting into Govt purchasing schedules, and has little to do with a practical or useful evaluation of the actual security of an OS.