Security limits Linux in government

UK Unix User Group home page

The biggest threat to Linux becoming the software of choice in government

circles is that there is no third-party verification, certification or evaluation

of it, Linux devotees were told last month.

The operating system also fails to meet Common Criteria (CC) requirements — an international agreement and protocol regarding security criteria — according to Linda Walsh, a member of Silicon Graphics Inc.'s Trust Technology

group. Walsh spoke at the U.K. Unix User Group Linux 2000 Developers' Conference

held July 7-9 in London.

"Functionally, Linux lacks the ability to audit [all security-relevant events]

to meet the functional requirements of the Common Criteria Controlled Access

Protection Profile," Walsh said. Linux lacks security procedures to specify

which users are allowed to send or receive information from others, she

added.

"Governments require assurance and third-party evaluation of trusted systems

before they will consider them safe to store or process government data,"

she said.

Nevertheless, France reportedly is close to passing a law making open-source

code — specifically, Linux — obligatory for applications used by the government's

computer systems.

Walsh speculated on the U.S. government's wariness about Microsoft. "The

fact that [Windows] is closed source and [the government is] at the mercy

of such a large and dominant vendor such as Microsoft would seem to be a

national security risk," she said.

Distributed by IDG News Service.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.