One of the big problems for getting open source into the Government sector is lack of Common Criteria certification.

Does Canonical have any plans to put Ubuntu through Common Criteria certification?

Basicly without certification a lot of governments are unable to procure an operating system. So high end governments have to go for Red Hat, SUSE, Solaris or dare I say it WinXP.

Another alternative could Canonical, Xandros, HP, Libranet, Linspire and other Debian based systems get together to sponsor the Debian Project through the Common Criteria certification? After all Debian is the rock on which Ubuntu is built.

Info on Common Criteria:

http://www.commoncriteriaportal.org

Is this an advertisement?

Far from it.

If you spend some sime googling on the National Security Agency in the states (Information Assurance Mission), Defence Signals Directorate in Australia, or GCHQ in the UK or any other technologically advanced country you will see that they are all part of the scheme.

Follow this link.

http://www.commoncriteriaportal.org/public/consumer/index.php?menu=6

Look at the governments involved.

It is very difficult at National government level to advocate an operating system that is not Common Criteria Approved. State and local level don't seem to be a problem.

I know linux (including Debian) and the BSD's are rock solid for security. But the first thing management (and the beancounters) want to know is is the operating system Common Criteria approved.

Thats why it would be brilliant if someone or a alliance of debian/producers/users would put Debian through the testing procedure. The problem is that testing is expensive.

Until then most national governments will tend to pick Red Hat, SUSE or Mandrake even though Debian based OS's are just as secure (and easier to patch). The savings at government level would be fantastic. I hope Mark reads this.

A link explaining the importance of Common Criteria to adopting Linux for National Government use.

http://www.cbronline.com/article_news.asp?guid=C39CD3FF-E923-4251-93EA-2E227651E462

Far from it.

If you spend some sime googling on the National Security Agency in the states (Information Assurance Mission), Defence Signals Directorate in Australia, or GCHQ in the UK or any other technologically advanced country you will see that they are all part of the scheme.

Follow this link.

http://www.commoncriteriaportal.org/public/consumer/index.php?menu=6

Look at the governments involved.

It is very difficult at National government level to advocate an operating system that is not Common Criteria Approved. State and local level don't seem to be a problem.

I know linux (including Debian) and the BSD's are rock solid for security. But the first thing management (and the beancounters) want to know is is the operating system Common Criteria approved.

Thats why it would be brilliant if someone or a alliance of debian/producers/users would put Debian through the testing procedure. The problem is that testing is expensive.

Until then most national governments will tend to pick Red Hat, SUSE or Mandrake even though Debian based OS's are just as secure (and easier to patch). The savings at government level would be fantastic. I hope Mark reads this.


Correct