RealTime IT News

Mandrakesoft in Bid For EAL5 Certification

Linux vendor Mandrakesoft is teaming with a consortium of European partners in an effort to win Common Criteria Evaluation Assurance Level 5 (EAL5), the highest security certification for defense and other highly sensitive areas of governmental IT operations.

The French Ministry of Defense is sponsoring the project in a three-year, €7 million deal.

The rigorous certification standard is recognized in 20 countries and evaluated under a program called Common Criteria Evaluation and Validation Scheme (CCEVS).

Red Hat Enterprise Linux recently received its EAL2 certification while announcing that it was pursuing EAL3 certification. Novell's SUSE Linux currently holds EAL3 certification.

Seven Unix-based operating systems versions, including SUN Microsystems's Solaris, Hewlett-Packard's HP-UX and IBM's AIX have EAL 4 certification, as do several versions of Microsoft's Server product lines.

IBM's zSeries 990 server also earned EAL5 certification level for the security of its logical partitions in May of this year.

In addition to Mandrakesoft, the consortium for EAL 5 certified Linux includes Bertin Technologies, Surlog, Jaluna, and Oppida. Mandrakesoft said it would adapt a version of its Mandrakelinux operating system for the project. Bertin Technologies will be responsible for the actual Common Criteria -EAL5 evaluation and Opida will perform the evaluation for the ISO 15408 common criteria evaluation. Juluna plans to help with system development and Surlog is responsible for monitoring the software development process.

"This is a consortium project. So all actors will bring their knowledge and technology into the project," Gael Duval, founder of MandrakeLinux, told internetnews.com. "Mandrakesoft will naturally bring its technical expertise and all needed software bricks. Nevertheless it's different than taking an existing Mandrakelinux version as a base."

Duval also indicated that the EAL5 version of Linux that will be developed would have differences between it and any version of Mandrakelinux currently available. "There will certainly be strong differences since the result will have to answer all specifications needed by the Defense," he said.

"Such a project makes the most of the Open Source development model," said Frangois Bancilhon, CEO of Mandrakesoft in a statement. "It will leverage the power of Open Source, first by reusing a good deal of preexisting software, and second, by letting the community survey and improve the code. Mandrakesoft is naturally proud to lend its skills to such a project -- it is our most important to date and a major milestone for the company."

Since emerging from bankruptcy in March of this year, Mandrakesoft has unveiled version 10 of its Mandrakelinux OS, which was well-received in the open source community. It also acquired Edge-IT in a bid to beef up its support abilities.