IBM looking to certify Linux

IBM Corp. plans to work with the Linux user community to ensure that the operating system achieves increasing security assurance levels throughout this year and 2004.

IBM is committed to achieving Common Criteria (CC) security certification of Linux across the IBM eServer platform, according to Dan Frye, director of IBM's Linux Technology Center.

CC is an internationally endorsed, independently tested set of standards used by the federal government and organizations worldwide to evaluate the security and assurance levels of technology products.

The CC push comes as Linux, which is not owned by any vendor, is gaining in popularity as an alternative to proprietary operating systems from Microsoft Corp. and Unix vendors. Because Linux is open-source software, it generally is available for free, and many companies make money selling utilities and services.

Federal agencies are increasingly interested in Linux because of its reliability, ability to reduce information technology costs, and its portability across different computing platforms, Frye said. At a recent federal conference, most of the attendees were anxious to get Linux-certified so they can have the option to deploy the operating systems where it makes business sense, Frye said.

"Governments in the U.S. and worldwide are beginning to require CC [certification] for hardware and software [platforms]," Frye said. "Taking [systems] through the certification process provides the assurance that the system does what you say it does. Nobody has taken Linux through the process [yet]," Frye said. He added that many vendors would be a part of that process.

For its part, IBM will work with partners to complete the CC evaluation and certification process and develop additional security enhancements. Working through its Linux Technology Center, IBM will speed up its investment in the certification of its servers and family of middleware software, including WebSphere, DB2, Lotus and Tivoli software, IBM officials said.

In other Linux-related news, Red Hat Inc. earlier this week said that the Red Hat Linux Advanced Server has achieved the Defense Department's Common Operating Environment (COE) certification. COE is a DOD software security and interoperability specification, recognized as a critical computing standard across the U.S. government.

Red Hat Linux Advanced Server achieved certification running on IBM eServer xSeries 330.

"COE provides a common framework of reference so all applications can be built, tested and certified on one platform," said Michael Tiemann, Red Hat's chief technology officer. He noted that Red Hat has been working with the Defense Information Systems Agency for more than a year to become COE-compliant.


  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

  • gears and money (zaozaa19/

    Worries from a Democrat about the Biden administration and federal procurement

    Steve Kelman is concerned that the push for more spending with small disadvantaged businesses will detract from the goal of getting the best deal for agencies and taxpayers.

Stay Connected