“Linux’s security is not verified, certified, or evaluated by
third parties. That is the biggest roadblock preventing some
governments from adopting the OS more widely, said one speaker at
the UKUUG Linux 2000 Developers’ Conference.”
“The biggest threat to Linux becoming the software of choice
in government circles is that there is no third-party verification,
certification or evaluation of it, according to Linda Walsh, a
speaker at the UKUUG Linux 2000 Developers’ Conference held July
7-9 in London….”
“Functionally, Linux lacks the ability to audit the necessary
events [all security-relevant events] to meet the functional
requirements of the Common Criteria Controlled Access Protection
Profile (CAPP),” said Walsh. Linux lacks security procedures —
called Mandatory Access Control (MAC) or Labeled Security
Protection Profile (LSPP) — to specify which users are allowed to
send or receive information from others, she said.”