Original URL: http://www.theregister.co.uk/2003/08/05/suse_and_ibm_secure_linux/

SuSE and IBM secure Linux for the Feds

Open source lockdown

By Ashlee Vance

Posted in Servers, 5th August 2003 15:41 GMT

SuSE and IBM have moved a step closer to some meaty government and military contracts by helping Linux pass muster on a key security standard.

The two vendors have met Evaluation Assurance Level 2+ (EAL2+) of the Common Criteria (CC) standard used by Feds the world over. This security seal of approval covers SuSE Linux Enterprise Server 8 running on IBM's Intel and AMD-based xSeries servers.

This is a nice milestone for Linux, although the operating system still has a ways to go before it unseats more readily used OSes. All of the major versions of Unix along with Microsoft's Windows 2000 lay claim to a higher EAL4 certification.

SuSE and IBM hope to remedy this problem together. The companies expect to meet EAL3+ certification and the Common Operating Environment (COE) standard later this year. The COE requirement is unique to the U.S. Department of Defense (DoD), which, as we all know, is where the big money is these days.

Meeting these requirements should help Linux put more pressure on Unix and Windows in a key market. The open source OS has already marched right into lucrative segments such as financial services, unseating Unix on its way. Now, it's time to say "hello" to Uncle Sam.

For IBM, it appears a Linux push into government contracts will be nothing but gravy. Few tears will be shed if AIX is replaced by SuSE on IBM kit. In addition, it gives the vendor a bit of leverage against rival Sun Microsystems, which enjoys a prominent place with U.S. three-letter agencies.

Sun has just signed on with SuSE as well, but it's hard to imagine these two vendors going through all the security certification hassle together. First off, Sun does not have a comparable x86-based server lineup to IBM. More importantly, Sun wants Solaris to maintain its hold on the data center for now. Linux is fine as a Web or application server, but it has no place deep in the data center.

This isn't a bad strategy for the moment, since it will take SuSE and IBM sometime to meet Solaris on the security standards front. ®