Nicholas writes: “There’s an interesting
interview over at
LinuxWorld about U.S. government and open-source
security. Robert McMillan of LinuxWorld.com talks to Marc
Sachs of the White House Cyberspace Security Office about
the role of open-source software in the US government.”
If the US Government is so keen to have an interest in using GPL and/or Open Source and/or any other kind of derivative, inclusive, exclusive and all…
THEY CAN CERTIFY THE SOFTWARE THEMSELFS!
As they are the ones that make up the certifications themselfs!
Cheers…
I don’t work for the Gov, so I’m not in position to comment, but I would guess that the Gov’t doesn’t want to get tangled in the cost of doing those certs. Better off leaving it up to software firms like MS. If/when crap hits the fan, they point fingers. Isn’t that what Gov’s are good at doing?
btw a little inside info, some branch of the us govt or military(im not sure which one) is making a move to a public key infrastructure with windows2000(not xp) with token cards and external usb devices for authentication, cisco routers, pix, and vpn concentrators. not exactly open source by any means, but supposedly a really nice setup.
A vendor will be required to do it. The only Linux vendor with the financial resources and (possibly) the motivation to do so is IBM.
Will they do it? There is no way to tell. If they do, it will probably be by bankrolling someone like RedHat, TurboLinux or Mandrake to have the testing done. Then, IBM can advertise the heck out of the distribution, its security certification, and the fact that IBM is happy to support it for you. Along with their applications, etc.
Unfortunately, I think the first patch applied invalidates the security rating.
Then there isn’t any security certified software in the WORLD!