Another nice piece of innovation from Market Solutions Inc. According to this week's tech headlines Oracle and IBM are jostling neck and neck in a bid to obtain a federal stamp of approval on Linux, with both companies announcing that they will submit their respective software to certification processes. In particular IBM announced yesterday that it plans to work with the Linux community to enter the Common Criteria certification process for the Linux operating system early this year, and that it will proceed with a progressive plan for certifying Linux at increasing security levels through this year and 2004. The connundrum is that a lot of government agencies aren't allowed to use software that isn't certified, and certification costs money. Now it can't have escaped the notice of even the least informed among us that open-source is for free, so who gets to foot the bill? The problem, as Jim Willis, director of e-government for the Rhode Island Department of State and large scale user of open source technologies puts it: "With proprietary software, it behooves vendors to pay to have it certified, so the government can use it. The problem with open source is, who's going to pay to have it certified? Which open source vendors are going to step up to the plate, to foot the bill?" Well it looks like Oracle and IBM just stepped up to the plate. With so much openware knocking around in the Federal security systems, does this mean we will soon be welcoming Rumsfeld and Ashcroft as open community members?
The Common Criteria is an independently tested set of standards used by organizations – the Federal government included – to evaluate the security and assurance levels of technology products. For Linux, securing the Common Criteria certification means that it provides a secure operating system for government applications, according to Jon Hall, president and executive director of Linux International. Both government computer experts and open source experts said the moves are "huge." Tony Stanko, associate director of Open Source and eGovernment at George Washington University's Cyber Security Policy and Research Institute, in Washington, pointed to a Mitre.org study that showed open source proliferates in the Department of Defense. "They found it's everywhere, and the security of critical systems depends in a large part on open source," Stanko said. In addition, there are looming deadlines that make it incumbent upon vendors to get software evaluated and certified. Stanko called Oracle's move a "great first step" toward dealing with a July 1 deadline, when federal military agencies won't be able to purchase systems that aren't NIAP (National Information Assurance Partnership) evaluated.