Security limits Linux in government
The biggest threat to Linux becoming the software of choice in government is that there is no thirdparty verification, certification or evaluation
The biggest threat to Linux becoming the software of choice in government
circles is that there is no third-party verification, certification or evaluation
of it, Linux devotees were told last month.
The operating system also fails to meet Common Criteria (CC) requirements — an international agreement and protocol regarding security criteria — according to Linda Walsh, a member of Silicon Graphics Inc.'s Trust Technology
group. Walsh spoke at the U.K. Unix User Group Linux 2000 Developers' Conference
held July 7-9 in London.
"Functionally, Linux lacks the ability to audit [all security-relevant events]
to meet the functional requirements of the Common Criteria Controlled Access
Protection Profile," Walsh said. Linux lacks security procedures to specify
which users are allowed to send or receive information from others, she
added.
"Governments require assurance and third-party evaluation of trusted systems
before they will consider them safe to store or process government data,"
she said.
Nevertheless, France reportedly is close to passing a law making open-source
code — specifically, Linux — obligatory for applications used by the government's
computer systems.
Walsh speculated on the U.S. government's wariness about Microsoft. "The
fact that [Windows] is closed source and [the government is] at the mercy
of such a large and dominant vendor such as Microsoft would seem to be a
national security risk," she said.
Distributed by IDG News Service.
NEXT STORY: Consider tax implications of gifts