Red Hat Pushes For CC Certification By Year's End

Ridgelift writes "This article indicates Red Hat Linux is about to receive certification under the Common Criteria (CC) Scheme worldwide. This has been a long road for Red Hat, and 'once successfully certified in the UK, Red Hat products will be recognised as certified and approved by information security agencies from all 19 countries participating in the Common Criteria program.' This means Red Hat will sit alongside Sun Solaris, HP-UX and IBM's AIX."

SuSE?

[santiag0]

Does anyone know if SuSE/Novell is pursuing this same certification?

Validating the Kernel Development Model

[oo_waratah]

From the original February discussion. This has even more relevance now. ...

"The Common Criteria, ..., grades products based not only on their security and reliability, but also on the development and support processes that ensure quick responses to problems."
Does that mean that the US Gov. will be officially saying that the Kernel development model is OK ?

Re:Windows 2000 is certified as well

[Iorek]

There's a difference, though. The security target evaluation (at the beginning of the evaluation - it really scopes the evaluation) is a sanity check. The evaluator would certainly fail the ASE components of a concrete lifejacket evaluation. The evaluator is making sure the functional requirements are mutually supportive, that the security problem they're solving is well defined, that the requirements themselves can solve that problem... It's far more than a "This is what I do... See, I'm doing what I say I do."