Arquivos históricos do apresenta:

Linux ganha certificação de segurança

Notícia publicada por brain em agosto 5, 2003 05:07 PM | TrackBack

Recebi hoje um press-release da SuSE informando que ela e a IBM conseguiram obter a primeira certificação oficial de segurança do Linux. O SuSE Linux Enterprise Server 8 rodando nos IBM xSeries alcançou a certificação Common Criteria, um padrão definido pela ISO e reconhecido internacionalmente. Esta certificação é condição importante para aplicações de missão crítica, e esta notícia é particularmente boa porque significa que o Linux poderá começar a ser usado oficialmente em projetos seguros do governo americano. A íntegra do press-release você encontra nos DETALHES.

Armonk, NY, August 5, 2003 -- IBM and SuSE Linux today announced that SuSE
achieved the first ever security certification of Linux, taking the
critical next step in the maturation of Linux and enabling the adoption of
Linux by governments and companies around the world for mission critical
SuSE Linux Enterprise Server 8 has achieved Common Criteria Security
running on IBM eServer xSeries. The Common Criteria (CC) is an
internationally recognized ISO standard (ISO 15408) used by the Federal
government and other organizations to assess security and assurance of
technology products. The CC provides a standardized way of expressing
security requirements and defines the respective set of rigorous criteria
by which the product will be evaluated. It is widely recognized among IT
professionals, government agencies, and customers as a seal of approval for
mission-critical software.
"We are pleased that Linux has reached this important security milestone
through the joint efforts of IBM and SuSE," said Fritz Schulz, Defense
Information Systems Agency. "The Common Criteria certification of Linux
will be a critical factor as Linux is applied to mission critical
SuSE Linux Enterprise Server 8 on IBM eServer xSeries has earned an
Evaluation Assurance Level 2+ certification, commonly referred to as EAL2+.
IBM and SuSE also announced today that the companies have filed for a
higher level of security certification for SuSE Linux, the Controlled
Access Protection Profile with EAL3+ across the IBM eServer product line,
which is expected later this year.
In addition to the Common Criteria certification, SLES 8 on IBM eServer
platforms is excpected to meet the Common Operating Environment (COE)
standard later this year. This will lead to a product that simultaneously
meets Common Criteria and COE requirements. This standard, unique to the
US Department of Defense (DoD), addresses functionality and
interoperability requirements for commercially acquired IT products. The
COE specification is used to verify the look and feel and function of
software products as they are joined with government customized code. The
COE is broadly recognized as a standard computing environment across the
U.S. Government command and control systems.
"The landmark decision to submit the SuSE Linux Enterprise Server product
to Common Criteria testing challenges the view of many skeptics that open
source systems could not withstand such testing due to the difficulty of
establishing processes in an open-source environment. This announcement
demonstrates IBM's commitment to enterprise infrastructure that is secure,
cost effective and open," said IBM Senior Vice President of Technology and
Manufacturing, Nicholas Donofrio. "With this announcement, we continue to
build upon our commitment to delivering Common Criteria certification
across the IBM eServer platforms. Most importantly, the Common Criteria
certification further validates the security and quality of open source
software, not only for Global Government, but for other industries with
critical security requirements."
"SuSE is the world's only open source operating system manufacturer which
has technically demonstrated Common Criteria proficiency that can control
and minimize security risks through a comprehensive quality assurance
process," said Richard Seibt, Chief Executive Officer, SuSE Linux. "The
Common Criteria evaluation marks yet another first for SuSE, and will
further reassure companies of the high quality and security of the SuSE
Linux Enterprise Server."
The evaluation was completed by atsec information security GmbH, one of the
world's leading vendor-independent IT security consulting companies,
accredited in Germany by the Federal Office for Information Security (BSI).
Under Common Criteria, products are evaluated against strict standards for
various features, such as the development environment, security
functionality, the handling of security vulnerabilities, security related
documentation and product testing. In certifying SLES 8 on IBM xSeries,
atsec information security GmbH evaluated how SuSE Linux develops, tests
and maintains its products, as well as assessing the processes in place at
the company for handling security issues in its software. IBM and SuSE have
committed to release key components of the Common Criteria evaluation to
the CCeLinux Consortium and Linux development community, by the end of the
month. In addition, IBM and SuSE will continue to work with the open
source development community to actively enhance Linux security to make
Linux even more secure than it is today.
"We congratulate IBM and SuSE for their commitment to information security
as evidenced by the recent successful evaluation and certification of SuSE
Linux Enterprise Server 8. This Linux server product joins a growing list
of commercial products evaluated under the international security standard
Common Criteria---providing greater assurance in the component products
used to build more secure information systems for the federal government,"
said Ron S. Ross, Ph.D., National Institute of Standards and Technology.
In addition to IBM's ongoing commitment to accelerate the development and
certification of Linux as a secure, industrial strength operating system,
IBM intends to continue to invest in ongoing certifications for new and
existing IBM products. IBM plans to seek Common Criteria certification for
IBM's premier virtualization technology, z/VM, in the upcoming year. z/VM
helps enable mainframe customers to run tens to even hundreds of instances
of the Linux operating system on a single IBM zSeries server. IBM's suite
of middleware products are also in line for Common Criteria certification
on Linux. IBM Directory has just completed evaluation under the Common
Criteria. WebSphere Application Server and Tivoli Access Manager are in
evaluation today, and several other IBM Software products are being
prepared to enter the evaluation process.
About IBM
IBM is the world's largest information technology company, with 80 years of
leadership in helping businesses innovate. Drawing on resources from across
IBM and key IBM Business Partners, IBM offers a wide range of services,
solutions and technologies that enable customers, large and small, to take
full advantage of the new era of e-business. For more information about IBM
and Linux, visit
About SuSE Linux
SuSE Linux is the international technology leader and solutions provider in
Open Source operating system software. SuSE's unique expertise in Linux and
its largest development team worldwide dedicated to Open Source software
has contributed to the recognition of SuSE as the most complete Linux
solution available today. SuSE Linux is a privately held company focused
entirely on supporting the Linux community and Open Source development.


Comentários dos leitores
(Termos de Uso)

Comentários desativados: Esta discussão é antiga e foi arquivada, não é mais possível enviar comentários adicionais.

O Arquivo Histórico do mantém no ar (sem alteração, exceto quanto à formatação, layout, tabela de caracteres, etc.) o acervo de notícias, artigos e outros textos publicados originalmente no site na segunda metade da década de 1990 e na primeira década do século XXI, que contam parte considerável a história do Linux e do Open Source no Brasil. Exceto quando indicado em contrário, a autoria dos textos é de Augusto Campos, e os termos de uso podem ser consultados na capa do Considerando seu caráter de acervo, é provável que boa parte dos links estejam quebrados, e que as informações deste texto estejam desatualizadas.