Mandrake Secures French Ministry of Defense Deal

Sfing_ter writes "According to this press release, Mandrake Linux has won a contract to provide a secure linux solution for the French Ministry of Defense. Would this make the FMOD more secure than the USDOD?"

Re:Insecure Linux

[Too+Much+Noise]

I know you were just rethorical about it, but RTFA and at least you might be able to sound interesting.

Here's a bunch of clues, anyway:

1. No sane Dept. of Defense would rely on foreign software - so the contractors are French.
   
2. Mandrake is not the sole contractor.
   
3. The contract is for 3 years and aims at a CC-EAL5 certification; not exactly a typical Mandrake setup.
   
4. Linux and Security can mix - although not everyone uses that mix. Witness SELinux and it's offsprings.
   

Anyway, if they manage a EAL5 certification for this, they'll be able to laugh their asses out at Defense Dept.s that use (or even more, mandate the use) of Windows on their computers. Seeing that w2k only made it (dubiously) to EAL4.

EAL4 Methodically Designed, Tested and Reviewed. Analysis is supported by the low-level design of the modules of the TOE, and a subset of the implementation. Testing is supported by an independent search for obvious vulnerabilities. Development controls are supported by a life-cycle model, identification of tools, and automated configuration management.

EAL5 Semiformally Designed and Tested. Analysis includes all of the implementation. Assurance is supplemented by a formal model and a semiformal presentation of the functional specification and high level design, and a semiformal demonstration of correspondence. The search for vulnerabilities must ensure relative resistance to penetration attack. Covert channel analysis and modular design are also required.

(See here)