Page Two

: Moves Afoot for Linux Certification">

"The government really means it this time," Davidson said. "After years of asking for this and then the local procurement officers would get waivers and sort of get whatever they wanted, its different now. Waivers, if any are given, have to go through the National Security Agency. Theyve been vocal to me, saying, Read my lips. No waivers."

Oracle expects the evaluation of Red Hats Linux Advanced Server to be completed this year. The next step is to evaluate Oracle 9i Release 2 database on top of the evaluated Linux, Davidson said, which should take "a few months." The release has already been evaluated on Windows NT and Solaris.

IBM, for its part, will invest development resources to enable Linux for Common Criteria certification across IBM eServer platforms and will fund initial evaluations in 2003. Other investments will include ongoing certifications for new and existing IBM products. Also, IBM will accelerate its investment in the certification of servers and middleware, including DB2, WebSphere, Lotus and Tivoli.

As IBM looks to secure additional government contracts with agencies seeking the Linux OS, it is complying with federal guidelines that require all commercially acquired IT products used in national security systems be independently certified against the Common Criteria.

Willis, from the Rhode Island Department of State, applauded IBMs move because, unlike Oracles, it isnt vendor-specific. "By choosing to not go vendor-specific, theyre going to gain a huge amount of credibility among the legions of open source vendors," he said.

Oracle, however, has declared that the security evaluation will be made available to the larger open source Linux community, allowing Linux providers besides Red Hat to distribute an evaluated Linux operating system.