IBM, SuSE Linux Announce Security Certifications

By Peter Galli  |  Posted 2004-01-21 Print this article Print

At this week's LinuxWorld show, IBM and Novell's SuSE Linux made announcements about Linux security assessment and assurance.

NEW YORK—IBM and Novell Inc.s SuSE Linux used the annual LinuxWorld conference and expo here to make several announcements on Linux security assessment and assurance. The companies on Wednesday said that SuSE Linux Enterprise Server 8 on IBM eServers had achieved Controlled Access Protection Profile compliance under The Common Criteria for Information Security Evaluation (CC), commonly referred to as CAPP/EAL3+. The two firms also announced Common Operating Environment (COE) compliance on IBM xSeries and zSeries platforms for SuSE Linux Enterprise Server 8. Support for pSeries and iSeries will be available in the first half of this year. The Common Criteria (CC) is an internationally recognized ISO standard (ISO/IEC 15408) used by the Federal government and other organizations to assess security and assurance of technology products.
It provides a standardized way of expressing security requirements and defines the respective set of rigorous criteria by which the product will be evaluated. The standard is widely recognized among IT professionals, government agencies, and customers as a seal of approval for mission-critical software.
For its part, the COE is a specification created by the U.S. Department of Defense (DoD) that addresses functionality and interoperability requirements for commercially-acquired IT products within its command-and-control systems. These latest moves represent a significant expansion from last August, when IBM and SuSE announced they had achieved the first ever security certification for Linux. At that time, EAL2 (Evaluation Assurance Level 2) certification was announced for IBMs eServer xSeries line. The latest CAPP/EAL3+ achievement crosses the IBM eServer product line—iSeries, xSeries, pSeries and zSeries systems, as well as Advanced Micro Devices Inc. Opteron-based systems. "Todays announcement with SuSE Linux is another key development fueling the rapid rise of Linux in the government sector," said James Stallings, the general manager of Linux for IBM. "The Common Criteria certification across our server line further validates the security and quality of open source software." "Additionally, the achievement of the operating environment standard necessary for critical command-and-control operations signifies that Linux can now be considered on equal footing with other operating systems," Stallings continued. IBM also plans to obtain Common Criteria certification of z/VM, its premier virtualization technology, in 2004, while its suite of middleware products is also in line for Common Criteria certification on Linux. Common Criteria certifications have been awarded to IBM Directory Server and Tivoli Access Manager and other software products are now in evaluation for Common Criteria certification.
Peter Galli has been a financial/technology reporter for 12 years at leading publications in South Africa, the UK and the US. He has been Investment Editor of South Africa's Business Day Newspaper, the sister publication of the Financial Times of London.

He was also Group Financial Communications Manager for First National Bank, the second largest banking group in South Africa before moving on to become Executive News Editor of Business Report, the largest daily financial newspaper in South Africa, owned by the global Independent Newspapers group.

He was responsible for a national reporting team of 20 based in four bureaus. He also edited and contributed to its weekly technology page, and launched a financial and technology radio service supplying daily news bulletins to the national broadcaster, the South African Broadcasting Corporation, which were then distributed to some 50 radio stations across the country.

He was then transferred to San Francisco as Business Report's U.S. Correspondent to cover Silicon Valley, trade and finance between the US, Europe and emerging markets like South Africa. After serving that role for more than two years, he joined eWeek as a Senior Editor, covering software platforms in August 2000.

He has comprehensively covered Microsoft and its Windows and .Net platforms, as well as the many legal challenges it has faced. He has also focused on Sun Microsystems and its Solaris operating environment, Java and Unix offerings. He covers developments in the open source community, particularly around the Linux kernel and the effects it will have on the enterprise.

He has written extensively about new products for the Linux and Unix platforms, the development of open standards and critically looked at the potential Linux has to offer an alternative operating system and platform to Windows, .Net and Unix-based solutions like Solaris.

His interviews with senior industry executives include Microsoft CEO Steve Ballmer, Linus Torvalds, the original developer of the Linux operating system, Sun CEO Scot McNealy, and Bill Zeitler, a senior vice president at IBM.

For numerous examples of his writing you can search under his name at the eWEEK Website at


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel