First Open Source-Based Database Completes U.S. Security Review

RaDag writes: The U.S. government has published a DoD-validated implementation guide, known as a STIG, for EDB Postgres Advanced Server from EnterpriseDB (EDB). This is a first. No other open source database, or open source-based database, has been through the US government's security review process and gotten a STIG published. Having this guide will help agencies seeking an open source-based alternative to costly traditional vendors like Oracle [and] will speed and ease deployment of EDB Postgres, which has database compatibility for Oracle.
They're now working with the U.S. Army, Navy, Marine Corps, and Air Force, according to a company statement. It also says that the Department of Defense and other U.S. government agencies "seek open source alternatives to traditional proprietary software," and see their database solution as "an opportunity to quickly reduce costs and shift away from expensive proprietary vendors, particularly as public policy initiatives around the world mandate adoption of more open source."

Certificate to Field

Not really a big deal.
Having a STIG benchmark is nice and all but "Certificate to Field" has been available for Postgres and MySQL for years. Many instances already fielded in critical gov't systems.

Not Open Source

While Postgres is open source, and EDB Postgres Advanced Server is based on Postgres, it has several closed source additions. What this means is that the open source database still does not have a STIG. So no, this is not a big win for open source databases, but it is a win for EDB.

This is NOT an open-source database.

[emil]

EnterpriseDB bundles a PL/SQL implementation that is advertised as compatible with Oracle's procedural SQL language (similar to ADA). This component is NOT open-source.

http://www.enterprisedb.com/compatibility-explained

IBM bundles the same PL/SQL emulation code in DB2.