IBM earns Linux certification

The door just got a little bit wider for Linux to be used by government agencies for mission-critical systems now that IBM Corp. has earned security certification for the open-source operating system.

IBM and SuSE Inc. Linux have achieved Common Criteria security certification for SuSE Linux Enterprise Server 8 running on IBM eServer xSeries. The Common Criteria are internationally recognized standards used by the federal government and other organizations to assess the security of technology products.

"Definitely one of the obstacles that blocked lots of government folks from using Linux" has been removed, said John Pescatore, a vice president at Gartner Inc. Now Linux will be used more often for vital systems, he said.

The current level of security in Linux has been sufficient for IBM's 150 government users that have deployed the open-source operating system, said Scott Handy, director of Linux software solutions for IBM. Many of those customers use Linux as an alternative to Microsoft Corp's. Windows operating system to run general-purpose office applications. But some have more stringent security requirements, which IBM can now meet by earning Evaluation Assurance Level 2 (EAL2) certification, Handy noted.

The certification is a milestone because "many thought open-source [software] could not pass the [rigorous testing] of the Common Criteria," Handy said.

IBM and SuSE have applied for a higher level of security certification for Linux, the Controlled Access Protection Profile with EAL3 that will be available for IBM eServers. By year's end, the companies also expect to meet the Defense Department's Common Operating Environment, a set of military requirements for technology products.