Interesante noticia.

------- Forwarded message follows -------
Date: Tue, 5 Aug 2003 14:35:26 +0200 (MEST)
From: Roman Drahtmueller <draht@suse.de>
Reply-To: Roman Drahtmueller <draht@suse.de>
To: suse-security-announce@suse.com
Message-ID: <Pine.LNX.4.53.0308051433260.26578@dent.suse.de>
X-Organization: SuSE
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-15
Content-Transfer-Encoding: QUOTED-PRINTABLE
Subject: [suse-security-announce] SuSE Linux Enterprise Server 8 gets Common Criteria Certificate

-----BEGIN PGP SIGNED MESSAGE-----

This non-standard SuSE Security Announcement does not provide any details
about security incidents and is posted to suse-security-announce@suse.com
for your information. Read the full press release about the successful
Common Criteria Certification of the SuSE Linux Enterprise Server 8 below.

The SuSE Security website has been redesigned. To read more about the
certification (such as the Security Target), please direct your browser to

  http://www.suse.de/security/

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D
IBM and SuSE Linux Earn First Security Certification of Linux

ARMONK, N.Y. and Oakland, CA, August 5, 2003 -- IBM and SuSE Linux today
 announced that the two companies have achieved the first ever security
 certification of Linux, taking the critical next step in the maturation of
 Linux and enabling the adoption of Linux by governments and companies arou=
nd
 the world for mission critical environments.

IBM and SuSE Linux have achieved Common Criteria Security Certification fo=
r
 SuSE Linux Enterprise Server 8 running on IBM eServer xSeries. The Common
 Criteria (CC) is an internationally recognized ISO standard (ISO 15408) us=
ed
 by the Federal government and other organizations to assess security and
 assurance of technology products. The CC provides a standardized way of
 expressing security requirements and defines the respective set of rigorou=
s
 criteria by which the product will be evaluated. It is widely recognized
 among IT professionals, government agencies, and customers as a seal of
 approval for mission-critical software.

"We are pleased that Linux has reached this important security milestone
 through the joint efforts of IBM and SuSE," said Fritz Schulz, Defense
 Information Systems Agency. "The Common Criteria certification of Linux
 will be a critical factor as Linux is applied to mission critical
 environments."

SuSE Linux Enterprise Server 8 on IBM eServer xSeries has earned an
 Evaluation Assurance Level 2+ certification, commonly referred to as EAL2.
 IBM and SuSE also announced today that the companies have filed for a high=
er
 level of security certification for Linux, the Controlled Access Protectio=
n
 Profile with EAL3+ across the IBM eServer product line, which is expected
 later this year.

In addition to the Common Criteria certification, SLES 8 on IBM eServer
 platforms will meet the Common Operating Environment (COE) standard later
 this year. This will lead to a product that simultaneously meets Common
 Criteria and COE requirements. This standard, unique to the US Department =
of
 Defense (DoD), addresses functionality and interoperability requirements f=
or
 commercially acquired IT products. The COE specification is used to verif=
y
 the look and feel and function of software products as they are joined wit=
h
 government customized code. The COE is broadly recognized as a standard
 computing environment across the U.S. Government command and control
 systems.

"IBM and SuSE's landmark decision to submit the SuSE Linux Enterprise Serve=
r
 product to Common Criteria testing challenges the view of many skeptics th=
at
 open source systems could not withstand such testing due to the difficulty
 of establishing processes in an open-source environment. This announceme=
nt
 demonstrates IBM's commitment to enterprise infrastructure that is secure,
 cost effective and open," said IBM Senior Vice President of Technology and
 Manufacturing, Nicholas Donofrio. "With this announcement, we continue to
 build upon our commitment to delivering Common Criteria certification acro=
ss
 the IBM eServer platforms. Most importantly, the Common Criteria
 certification further validates the security and quality of open source
 software, not only for Global Government, but for other industries with
 critical security requirements."

"SuSE is the world's only open source operating system manufacturer which h=
as
 technically demonstrated Common Criteria proficiency that can control and
 minimize security risks through a comprehensive quality assurance process,=
"
 said Richard Seibt, Chief Executive Officer, SuSE Linux. "The Common
 Criteria evaluation marks yet another first for SuSE, and will further
 reassure companies of the high quality and security of the SuSE Linux
 Enterprise Server."

Sponsored by IBM, the evaluation was completed by atsec information securit=
y
 GmbH, one of the world's leading vendor-independent IT security consulting
 companies, accredited in Germany by the Federal Office for Information
 Security (BSI).

Under Common Criteria, products are evaluated against strict standards for
 various features, such as the development environment, security
 functionality, the handling of security vulnerabilities, security related
 documentation and product testing. In certifying SLES 8 on IBM xSeries,
 atsec information security GmbH evaluated how SuSE Linux develops, tests a=
nd
 maintains its products, as well as assessing the processes in place at th=
e
 company for handling security issues in its software. IBM and SuSE have
 committed to release key components of the Common Criteria evaluation to t=
he
 CCeLinux Consortium and Linux development community, by the end of the
 month. In addition, IBM and SuSE will continue to work with the open sour=
ce
 development community to actively enhance Linux security to make Linux eve=
n
 more secure than it is today.

"We congratulate IBM and SuSE for their commitment to information security
 as evidenced by the recent successful evaluation and certification of SuSE
 Linux Enterprise Server 8. This Linux server product joins a growing list =
of
 commercial products evaluated under the international security standard
 Common Criteria---providing greater assurance in the component products
 used to build more secure information systems for the federal government,"
 said Ron S. Ross, Ph.D., National Institute of Standards and Technology.

In addition to IBM's ongoing commitment to accelerate the development and
 certification of Linux as a secure, industrial strength operating system,
 IBM will continue to invest in ongoing certifications for new and existing
 IBM products. Common Criteria certification is anticipated for IBM's premi=
er
 virtualization technology, z/VM, in the upcoming year. z/VM allows
 mainframe customers to run tens to hundreds of instances of the Linux
 operating system on a single IBM zSeries server. IBM's suite of middlewar=
e
 products are also in line for Common Criteria certification on Linux. IBM
 Directory has just completed evaluation under the Common Criteria. WebSphe=
re
 Application Server and Tivoli Access Manager are in evaluation today, and
 several other Software Group products are being prepared to enter the
 evaluation process.

About IBM
IBM is the world's largest information technology company, with 80 years of
 leadership in helping businesses innovate. Drawing on resources from acros=
s
 IBM and key IBM Business Partners, IBM offers a wide range of services,
 solutions and technologies that enable customers, large and small, to take
 full advantage of the new era of e-business. For more information about IB=
M
 and Linux, visit www.ibm.com/linux.

About SuSE Linux
SuSE Linux is the international technology leader and solutions provider in
 Open Source operating system software. SuSE's unique expertise in Linux an=
d
 its largest development team worldwide dedicated to Open Source software h=
as
 contributed to the recognition of SuSE as the most complete Linux solution
 available today. SuSE Linux is a privately held company focused entirely o=
n
 supporting the Linux community and Open Source development.

###

SuSE is a registered trademark of SuSE Linux AG. Linux is a registered
 trademark of Linus Torvalds. All other trademarks mentioned herein are the
 property of their respective owners.

IBM, the IBM logo, and the IBM e-business Logo are registered trademarks of
 International Business Machines Corporation.

Regards,
Roman Drahtmueller,
SuSE Security.
- --
 - -
| Roman Drahtm=FCller <draht@suse.de> // Nail here |
  SuSE Linux AG - Security Phone: // for a new
| N=FCrnberg, Germany +49-911-740530 // monitor! --> [x] |
 - -
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iQEVAwUBPy+kD3ey5gA9JdPZAQFZfAf+NRu2VcNQU4ZBKUsNLXSy6CyGUe82gO4Y
3RaapXq8Fxu1Np6ZLrqiMSvAuwO8e1ssxZ7L0iK1V7jvB2UrmodmnRD4C5TaxwFR
3+r16AxuO7pmHzUh7GkyctlBTu37obElkjFzqT4C0SU8oLC0pNYr02Dbl3xOXwMl
tiA4Yv0SEV8LydX6DkJCIg2ts6cCnMidXe9XCVqdGPM1xhIK0XMZfiCaqtssdH75
GRsH15COFXGHnhA2zEMTIVHiYOpudy7EY3PBGOgQ9mm5EwGb/LPIDnmuqptytkZg
W2IpkobYaiXeXZulGmZfu6anL/imphEpY24Kb1L67M7bl44rsvqLvw=3D=3D
=3Dfaca
-----END PGP SIGNATURE-----

-- 
To unsubscribe, e-mail: suse-security-announce-unsubscribe@suse.com
For additional commands, e-mail: suse-security-announce-help@suse.com
------- End of forwarded message -------
		-=|Manuel Angel Fernández|=-