IBM and Oracle have launched efforts to get the Linux operating system a security certification required by the...
US Department of Defense, so Linux suppliers are not cut off from the huge security IT market.
The Defense Department requires commercial software used in national security-related functions be certified in the Common Criteria or an alternative certification from the National Institute of Standards and Technology.
Microsoft and Sun Microsystems operating systems have Common Criteria certifications at the fourth level of assurance, but Linux does not, which would put it at a competitive disadvantage for Defense Department IT bids, said Tony Stanco, associate director of the Cyber Security Policy & Research Institute.
The institute is working on putting together a coalition to push for a Linux Common Criteria certification, the first step a level two certification. The level of certification will be how companies are going to prove they have secure software, Sanco added.
The goal of the coalition is to "make sure the Linux community is not denied a place at the table", Stanco said. The fear is that without the certification, Linux suppliers will not only be shut out of the $27.7bn (£17.6bn) Defense Department IT budget, but also from other government agencies that might follow the Defense Department's lead.
Linux, an open source operating system that is distributed by several suppliers and independent groups, faces certification challenges that proprietary suppliers do not, Stanco added.
The Common Criteria certifies to one code base, and Stanco's institute is attempting to get several suppliers on board with a certification push for a "generic" Linux server that Linux suppliers and companies like IBM and Oracle could use.
Stanco welcomed the efforts by IBM and Oracle for moving Linux certification in the right direction.