LinuxWorld: Linux's lack of compliance with the Common Criteria may prohibit government acceptanceJul 27, 2000, 19:40 (14 Talkback[s])
(Other stories by Bruce Tober)
"Linux's security is not verified, certified, or evaluated by third parties. That is the biggest roadblock preventing some governments from adopting the OS more widely, said one speaker at the UKUUG Linux 2000 Developers' Conference."
"The biggest threat to Linux becoming the software of choice in government circles is that there is no third-party verification, certification or evaluation of it, according to Linda Walsh, a speaker at the UKUUG Linux 2000 Developers' Conference held July 7-9 in London...."
"Functionally, Linux lacks the ability to audit the necessary events [all security-relevant events] to meet the functional requirements of the Common Criteria Controlled Access Protection Profile (CAPP)," said Walsh. Linux lacks security procedures -- called Mandatory Access Control (MAC) or Labeled Security Protection Profile (LSPP) -- to specify which users are allowed to send or receive information from others, she said."