By Elizabeth Millard LinuxInsider Part of the ECT News Network
09/24/04 9:37 AM PT
A consortium of French Linux firms is poised to work on developing a highly secure Linux operating system for business, defense and government use.
The effort is being funded by the French Ministry of Defense, which chose Paris-based Linux vendor Mandrakesoft as the project leader. The other French companies include Bertin Technologies, Surlog, Oppida and Jaluna. The contract is a US$8.58 million, three-year deal.
Mandrakesoft spokesperson Gael Duval told LinuxInsider that the consortium is important, because it will heighten open-source security.
The other companies in the group echo Duval's sentiment. In a statement, Jaluna CEO Michel Glen noted, "We are very happy to contribute our well known operating system expertise towards such an ambitious goal."
Group Effort
The consortium is expected to work first on getting Linux to meet the Evaluation Assurance Level 5 (EAL5), which is part of an internationally recognized security certification called Common Criteria. EAL5 satisfies major security requirements in commercial as well as defense and government applications.
To meet the goal, consortium partners will work on hardware partitioning and virtualization technology.
Jaluna will be responsible for system development, Surlog will monitor software development processes and Oppida will do evaluation against the Common Criteria standard.
Mandrakesoft will contribute and adapt its Linux operating system, and it will manage the open-source community efforts for the project.
When the project is completed, its efforts will be released by Mandrakesoft under an open-source license. The company noted that the project will leverage the power of open source by reusing a good amount of preexisting software, as well as by letting the community survey and improve the code.
Philippe Demigne, chairman of Bertin Technologies, noted in a statement, "This will be a world-first for an operating system solution of such a wide scope, and we are proud to be at the heart of such a challenge."
European Focus
Boosting Linux security is especially important when considering the types of customers that companies like Mandrakesoft are courting in Europe.
"We have many deals with government agencies in progress," Duval said.
Although the company has had financial troubles in the past, it is now profitable, and it recently announced several deals for its products.
The most high-profile recent customer for Mandrakesoft was the French Ministry of Equipment, which migrated 1,500 office and infrastructure Microsoft (Nasdaq: MSFT) Windows NT servers to Mandrake Corporate servers.
Other European Linux companies also have been active in persuading governmental and defense agencies to switch to open source. Duval noted that better security would be compelling for those governmental entities currently contemplating whether to go with Linux.
"It brings more credibility to Linux," Duval said. "And that will have a very positive effect."
Locking Down
Open-source security has gained more attention in past months, as bugs and flaws have been discovered in software toolkit Qt3, media player application Mplayer, and Web browser Opera.
Recently, Microsoft has aggressively worked to highlight open-source security vulnerabilities. In a recent speech, Microsoft's CEO, Steve Ballmer, said that the open-source community lacked a defined process for addressing security concerns. He contrasted this with Microsoft, which he said has superior quality control measures.
However, some observers have argued that the open-source community is quick to address issues, because of the community's cohesion.
Yankee Group analyst Laura DiDio told LinuxInsider: "Linux security is a good example of what happens when many people are working on a problem. It gets solved quickly."
That means that while the open-source community might lack a central security point, it does tend to move efficiently through collective efforts. Continued emphasis on security in the community and the development of a highly secure open operating system by the French consortium could bring a level of security to Linux that it needs for wider adoption.
That is important, DiDio said, because more security problems are likely to crop up in the future.
"Wherever you have code, you'll have problems," she said. "There will be vulnerabilities whether you're talking about Linux or Microsoft -- which is why it's good that it's being addressed now."