IBM looking to certify Linux

IBM Corp. plans to work with the Linux user community to ensure that the operating system achieves increasing security assurance levels throughout this year and 2004.

IBM is committed to achieving Common Criteria (CC) security certification of Linux across the IBM eServer platform, according to Dan Frye, director of IBM's Linux Technology Center.

CC is an internationally endorsed, independently tested set of standards used by the federal government and organizations worldwide to evaluate the security and assurance levels of technology products.

The CC push comes as Linux, which is not owned by any vendor, is gaining in popularity as an alternative to proprietary operating systems from Microsoft Corp. and Unix vendors. Because Linux is open-source software, it generally is available for free, and many companies make money selling utilities and services.

Federal agencies are increasingly interested in Linux because of its reliability, ability to reduce information technology costs, and its portability across different computing platforms, Frye said. At a recent federal conference, most of the attendees were anxious to get Linux-certified so they can have the option to deploy the operating systems where it makes business sense, Frye said.

"Governments in the U.S. and worldwide are beginning to require CC [certification] for hardware and software [platforms]," Frye said. "Taking [systems] through the certification process provides the assurance that the system does what you say it does. Nobody has taken Linux through the process [yet]," Frye said. He added that many vendors would be a part of that process.

For its part, IBM will work with partners to complete the CC evaluation and certification process and develop additional security enhancements. Working through its Linux Technology Center, IBM will speed up its investment in the certification of its servers and family of middleware software, including WebSphere, DB2, Lotus and Tivoli software, IBM officials said.

In other Linux-related news, Red Hat Inc. earlier this week said that the Red Hat Linux Advanced Server has achieved the Defense Department's Common Operating Environment (COE) certification. COE is a DOD software security and interoperability specification, recognized as a critical computing standard across the U.S. government.

Red Hat Linux Advanced Server achieved certification running on IBM eServer xSeries 330.

"COE provides a common framework of reference so all applications can be built, tested and certified on one platform," said Michael Tiemann, Red Hat's chief technology officer. He noted that Red Hat has been working with the Defense Information Systems Agency for more than a year to become COE-compliant.


  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.