IBM looking to certify Linux

IBM Corp. plans to work with the Linux user community to ensure that the operating system achieves increasing security assurance levels throughout this year and 2004.

IBM is committed to achieving Common Criteria (CC) security certification of Linux across the IBM eServer platform, according to Dan Frye, director of IBM's Linux Technology Center.

CC is an internationally endorsed, independently tested set of standards used by the federal government and organizations worldwide to evaluate the security and assurance levels of technology products.

The CC push comes as Linux, which is not owned by any vendor, is gaining in popularity as an alternative to proprietary operating systems from Microsoft Corp. and Unix vendors. Because Linux is open-source software, it generally is available for free, and many companies make money selling utilities and services.

Federal agencies are increasingly interested in Linux because of its reliability, ability to reduce information technology costs, and its portability across different computing platforms, Frye said. At a recent federal conference, most of the attendees were anxious to get Linux-certified so they can have the option to deploy the operating systems where it makes business sense, Frye said.

"Governments in the U.S. and worldwide are beginning to require CC [certification] for hardware and software [platforms]," Frye said. "Taking [systems] through the certification process provides the assurance that the system does what you say it does. Nobody has taken Linux through the process [yet]," Frye said. He added that many vendors would be a part of that process.

For its part, IBM will work with partners to complete the CC evaluation and certification process and develop additional security enhancements. Working through its Linux Technology Center, IBM will speed up its investment in the certification of its servers and family of middleware software, including WebSphere, DB2, Lotus and Tivoli software, IBM officials said.

In other Linux-related news, Red Hat Inc. earlier this week said that the Red Hat Linux Advanced Server has achieved the Defense Department's Common Operating Environment (COE) certification. COE is a DOD software security and interoperability specification, recognized as a critical computing standard across the U.S. government.

Red Hat Linux Advanced Server achieved certification running on IBM eServer xSeries 330.

"COE provides a common framework of reference so all applications can be built, tested and certified on one platform," said Michael Tiemann, Red Hat's chief technology officer. He noted that Red Hat has been working with the Defense Information Systems Agency for more than a year to become COE-compliant.