Oracle has tightened up the security of a number of its products to allow customers to use them in critical national infrastructures, including in conjunction with open source technology from Linux.
Oracle has met the Common Criteria Evaluations at the EAL4 level – the highest industry security level for commercial software – for its Oracle Internet Directory, a middleware component of Oracle Identity Management; Oracle9i Database release 2; and the Oracle9i Label Security release 2.
An EAL4 grading is essential for companies wanting to comply with US national procurement policies, such as the National Security Telecommunications Information Systems Security Policy (NSTISSP) Number 11, and US Department of Defense directives.
To demonstrate its commitment to the Linux platform, Oracle said that its Oracle9i database release 2 and Oracle9i Label Security release 2 (the option of enhanced security for the Oracle9i Enterprise Edition, an application server) were compatible with the Novell SuSE Linux platform.
Oracle said these were the first such security evaluations it had completed on the Linux platform, and that the move demonstrated that open source Linux was a safe option for critical national infrastructures.
Mary Ann Davidson, Oracle chief security officer, said, "These evaluations underscore our commitment to delivering secure products on Linux and to extending the formal security evaluation process to Oracle's entire platform."