Re: [Linux-aus] This one's big...

Brad Hards <bhards@bigpond.net.au> · Tue Aug 5 19:35:02 2003

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 5 Aug 2003 15:36 pm, Con Zymaris wrote:
> This essentially means that the last major barrier has been removed for
> Linux deployments in sensitive-government sites in the US, Candada, UK,
> Australia and NZ, which following a similar security certification
> protocol suite...
Maybe useful for marketing, but essentially meaningless. Hell, Microsoft got 
some of their code certified. We don't know what assurance level was applied, 
nor do we know what functionality was assessed. Maybe a real press release 
would tell us, but IBMs website isn't too good today...

For a really cynical view, try:
http://eros.cs.jhu.edu/~shap/NT-EAL4.html

Common Criteria certification requirements and open source aren't a good mix. 
If you change the configuration, you have to get it recertified. What's the 
point of being able to fix it if you can't use it afterwards because your 
certification is blown? Sure, you have the code and can see what's wrong, but 
it isn't helping you...

Brad

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/L5VKW6pHgIdAuOMRAoBEAJoDRVqDOwDfoZ0V17QfCU/zHBay1wCfSYqp
XmJlh61Qp95xa1s0TXcCOhc=
=fK54
-----END PGP SIGNATURE-----