Feeds

SuSE and IBM secure Linux for the Feds

Open source lockdown

  • alert
  • submit to reddit

Mobile application security vulnerability report

SuSE and IBM have moved a step closer to some meaty government and military contracts by helping Linux pass muster on a key security standard.

The two vendors have met Evaluation Assurance Level 2+ (EAL2+) of the Common Criteria (CC) standard used by Feds the world over. This security seal of approval covers SuSE Linux Enterprise Server 8 running on IBM's Intel and AMD-based xSeries servers.

This is a nice milestone for Linux, although the operating system still has a ways to go before it unseats more readily used OSes. All of the major versions of Unix along with Microsoft's Windows 2000 lay claim to a higher EAL4 certification.

SuSE and IBM hope to remedy this problem together. The companies expect to meet EAL3+ certification and the Common Operating Environment (COE) standard later this year. The COE requirement is unique to the U.S. Department of Defense (DoD), which, as we all know, is where the big money is these days.

Meeting these requirements should help Linux put more pressure on Unix and Windows in a key market. The open source OS has already marched right into lucrative segments such as financial services, unseating Unix on its way. Now, it's time to say "hello" to Uncle Sam.

For IBM, it appears a Linux push into government contracts will be nothing but gravy. Few tears will be shed if AIX is replaced by SuSE on IBM kit. In addition, it gives the vendor a bit of leverage against rival Sun Microsystems, which enjoys a prominent place with U.S. three-letter agencies.

Sun has just signed on with SuSE as well, but it's hard to imagine these two vendors going through all the security certification hassle together. First off, Sun does not have a comparable x86-based server lineup to IBM. More importantly, Sun wants Solaris to maintain its hold on the data center for now. Linux is fine as a Web or application server, but it has no place deep in the data center.

This isn't a bad strategy for the moment, since it will take SuSE and IBM sometime to meet Solaris on the security standards front. ®

Bridging the IT gap between rising business demands and ageing tools

More from The Register

next story
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
FLAPE – the next BIG THING in storage
Find cold data with flash, transmit it from tape
Seagate chances ARM with NAS boxes for the SOHO crowd
There's an Atom-powered offering, too
Gartner: To the right, to the right – biz sync firms who've won in a box to the right...
Magic quadrant: Top marks for, er, completeness of vision, EMC
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.