IBM, Oracle sponsor Linux security certifications

Linux may get the security credentials it needs for use in sensitive government jobs, thanks to IBM Corp. and Oracle Corp.

Each company announced this week that it will independently sponsor a Common Criteria evaluation of a version of the open source operating system.

Industry observers have long speculated that Linux would not be sponsored for Common Criteria evaluation due to the costs involved - usually ranging from $500,000 to $1 million, according to Oracle, Redwood Shores, Calif. - and the fact that no competitive advantage would ensue from sponsorship because open source licensing allows for free distribution. However, both companies are sponsoring evaluations to further use of their own hardware and software within government.

In addition, Red Hat Inc., Raleigh, N.C., announced this week that its version of Linux for servers won Defense Information Systems Agency's Common Operating Environment certification.

The National Information Assurance Partnership, a joint office of the National Institute of Standards and Technology and the National Security Agency, administers Common Criteria.

Last October, the Windows 2000 operating system from Redmond, Wash.'s Microsoft Corp. won Common Criteria certification from Science Applications International Corp., San Diego, which performed the third party testing. Oracle's evaluation will be handled by London IT services provider LogicaCMG Plc. IBM did not disclose its evaluator.

Oracle is also submitting a package of its Oracle9i Database Release 2 on top of a Linux operating system for review as well.

"Increasingly Oracle's security-conscious customers are interested in deploying Linux," said Mary Ann Davidson, chief security officer at Oracle.

IBM's sponsorship, which is independent of Oracle's, will submit a version of Linux used in its own eServer platforms.

"This investment represents the next step in IBM's ongoing commitment to accelerate the development of Linux as a secure, industrial strength operating system," said Jim Stallings, an IBM general manager of Linux solutions.

Red Hat announced that a configuration of its Red Hat Linux Advanced Server running on IBM's eServer won the Defense Information Systems Agency's Common Operating Environment, or COE, certification. COE certification is used by the Department of Defense Joint Technical Architecture to validate software for use in Defense Department command and control, computers, communications and intelligence systems.

"The COE certification of Red Hat Linux Advanced Server opens low-cost computing solution avenues to federal agencies for new open source server deployments," Stallings said.

(Updated Feb. 13, 2003, 3:57 p.m.)

About the Author

Joab Jackson is the senior technology editor for Government Computer News.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here


  • POWER TRAINING: How to engage your customers

    Don't miss our Aug. 2 Washington Technology Power Training session on Mastering Stakeholder Engagement, where you'll learned the critical skills you need to more fully connect with your customers and win more business. Read More


    In our latest Project 38 Podcast, editor Nick Wakeman interviews Tom Romeo, the leader of Maximus Federal about how it has zoomed up the 2019 Top 100. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.