Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mandrake Secures French Ministry of Defense Deal

Posted by CmdrTaco on from the a-whole-lotta-moola dept.

Sfing_ter writes "According to this press release, Mandrake Linux has won a contract to provide a secure linux solution for the French Ministry of Defense. Would this make the FMOD more secure than the USDOD?"

3 of 14 comments (clear)

  1. Please Move Along by captnitro · · Score: 2, Insightful

    To answer the posts that will inevitably ensue: yes, they do, and we knew you were gonna make the joke way before you thought it was funny.

  2. Re:Insecure Linux by Too+Much+Noise · · Score: 3, Informative
    I know you were just rethorical about it, but RTFA and at least you might be able to sound interesting.

    Here's a bunch of clues, anyway:

    1. No sane Dept. of Defense would rely on foreign software - so the contractors are French.
    2. Mandrake is not the sole contractor.
    3. The contract is for 3 years and aims at a CC-EAL5 certification; not exactly a typical Mandrake setup.
    4. Linux and Security can mix - although not everyone uses that mix. Witness SELinux and it's offsprings.


    Anyway, if they manage a EAL5 certification for this, they'll be able to laugh their asses out at Defense Dept.s that use (or even more, mandate the use) of Windows on their computers. Seeing that w2k only made it (dubiously) to EAL4.


    EAL4 Methodically Designed, Tested and Reviewed. Analysis is supported by the low-level design of the modules of the TOE, and a subset of the implementation. Testing is supported by an independent search for obvious vulnerabilities. Development controls are supported by a life-cycle model, identification of tools, and automated configuration management.

    EAL5 Semiformally Designed and Tested. Analysis includes all of the implementation. Assurance is supplemented by a formal model and a semiformal presentation of the functional specification and high level design, and a semiformal demonstration of correspondence. The search for vulnerabilities must ensure relative resistance to penetration attack. Covert channel analysis and modular design are also required.



    (See here)
  3. More secure? by MrResistor · · Score: 3, Interesting

    I don't think the point is necessarily for the FMOD to be more secure than the USDOD, but rather to be more secure from the USDOD.

    That is, after all, one of the primary reasons so many foreign government entities are getting interested in FOSS. Microsoft's response, Shared Source, is weak, since while they get to look at the source, they have no way to guarantee that it's the actual source for what they're installing (assuming that they even get to see all of the source. IIRC, they don't)

    --
    Under capitalism man exploits man. Under communism it's the other way around.