They are *NOT* EAL7. They have not yet selected a lab, their code has not yet been reviewed. If they are claiming EAL7, they need to pony up and fly right. Show me the certificate...
I was in with a company rep of their not more than a month ago...no lab, no submission, no certificate. They are designed to achieve EAL7, but they are not far enough along in the process to have it yet.
In fact, they stand on their FAA work alone at the moment, in my understanding they did not bother with EAL2-4, so they are headed straight for EAL7. This means they are at least 6-9 months from any EAL* certification.
I'm a long time Linux user (late '93) and advocate and I have explored Integrity about four months ago. Let them spread FUD if they want. I would hope that we, the linux community are above that. Nothing would please me more than to have this guantlet be taken up by some interested folks, have them explore some of the major concepts which Green Hills promoted for their embedded OS, and impliment them for embedded Linux.
Green Hills Integrity has interesting features such as kernel and MMC enforced seperation of memory space, manatory access controls in the OS, and most insteresting, guarantied resources.
It seemed to me, talking with a presenter that came into our firm, that Green Hills has three things going for them. First, they really do seem to have a solid design, well throught out with features required for folks seeking high levels of trust and availability (technically) and they have multiple organizations (FAA and soon NSA) backing their security targets (things they claim it does, verified by NIAP labs, etc), and third, they have some really fantastic debugging tools. Real-time and record and re-run monitoring for *everything*, direct off your emebedded hardware. Some of their stuff is really slick.
I'd hope that our community can see past the FUD and marketing dribble, and get to the heart of the challenge. If we want to show Green Hills up, take some of the key concepts which their customers require, such resouce availability and DAC capabilities of the OS and integrate them into embedded linux as options. Leave them with only the tools market, and in five years they may just be developing tools for embedded linux development instead...
Don't let Green Hills pull the wool over your eyes. This is not an Open Source vs Proprietary fight. They have some very nice security concepts and features embedded linux simply can not (yet) complete against. This is just the left jab...it's the distraction, watch for the right fist in closed door sales presentations and as deal closers. Would you let your CEO explain anything techincal? You might let him use a left jab...
Slashdot Mirror
They are *NOT* EAL7. They have not yet selected a lab, their code has not yet been reviewed. If they are claiming EAL7, they need to pony up and fly right. Show me the certificate...
I was in with a company rep of their not more than a month ago...no lab, no submission, no certificate. They are designed to achieve EAL7, but they are not far enough along in the process to have it yet.
In fact, they stand on their FAA work alone at the moment, in my understanding they did not bother with EAL2-4, so they are headed straight for EAL7. This means they are at least 6-9 months from any EAL* certification.
I'm a long time Linux user (late '93) and advocate and I have explored Integrity about four months ago. Let them spread FUD if they want. I would hope that we, the linux community are above that. Nothing would please me more than to have this guantlet be taken up by some interested folks, have them explore some of the major concepts which Green Hills promoted for their embedded OS, and impliment them for embedded Linux.
Green Hills Integrity has interesting features such as kernel and MMC enforced seperation of memory space, manatory access controls in the OS, and most insteresting, guarantied resources.
It seemed to me, talking with a presenter that came into our firm, that Green Hills has three things going for them. First, they really do seem to have a solid design, well throught out with features required for folks seeking high levels of trust and availability (technically) and they have multiple organizations (FAA and soon NSA) backing their security targets (things they claim it does, verified by NIAP labs, etc), and third, they have some really fantastic debugging tools. Real-time and record and re-run monitoring for *everything*, direct off your emebedded hardware. Some of their stuff is really slick.
I'd hope that our community can see past the FUD and marketing dribble, and get to the heart of the challenge. If we want to show Green Hills up, take some of the key concepts which their customers require, such resouce availability and DAC capabilities of the OS and integrate them into embedded linux as options. Leave them with only the tools market, and in five years they may just be developing tools for embedded linux development instead...
Don't let Green Hills pull the wool over your eyes. This is not an Open Source vs Proprietary fight. They have some very nice security concepts and features embedded linux simply can not (yet) complete against. This is just the left jab...it's the distraction, watch for the right fist in closed door sales presentations and as deal closers. Would you let your CEO explain anything techincal? You might let him use a left jab...