French Firms Aim To Beef Up Linux Security

A consortium of French Linux firms are poised to work on developing a highly secure Linux operating system for business, defense and government use.

The effort is being funded by the French Ministry of Defense, which chose Paris-based Linux vendor Mandrakesoft as the project leader. The other French companies include Bertin Technologies, Surlog, Oppida and Jaluna. The contract is a US$8.58 million, three-year deal.

Mandrakesoft spokesperson Gael Duval told LinuxInsider that the consortium is important, because it will heighten open-source security.

The other companies in the group echo Duval’s sentiment. In a statement, Jaluna CEO Michel Glen noted, “We are very happy to contribute our well known operating system expertise towards such an ambitious goal.”

Group Effort

The consortium is expected to work first on getting Linux to meet the Evaluation Assurance Level 5 (EAL5), which is part of an internationally recognized security certification called Common Criteria. EAL5 satisfies major security requirements in commercial as well as defense and government applications.

To meet the goal, consortium partners will work on hardware partitioning and virtualization technology.

Jaluna will be responsible for system development, Surlong will monitor software development processes and Oppida will do evaluation against the Common Criteria standard.

Mandrakesoft will contribute and adapt its Linux operating system, and it will manage the open-source community efforts for the project.

When the project is completed, its efforts will be released by Mandrakesoft under an open-source license. The company noted that the project will leverage the power of open source by reusing a good amount of preexisting software, as well as by letting the community survey and improve the code.

Philippe Demigne, chairman of Bertin Technologies, noted in a statement, “This will be a world-first for an operating system solution of such a wide scope, and we are proud to be at the heart of such a challenge.”

European Focus

Boosting Linux security is especially important when considering the types of customers that companies like Mandrakesoft are courting in Europe.

“We have many deals with government agencies in progress,” Duval said.

Although the company has had financial troubles in the past, it is now profitable, and it recently announced several deals for its products.

The most high profile customer recently for Mandrakesoft was the French Ministry of Equipment, which migrated 1,500 office and infrastructure Microsoft Windows NT servers to Mandrake Corporate servers.

Other European Linux companies also have been active in persuading governmental and defense agencies to switch to open source. Duval noted that better security would be compelling for those governmental entities currently contemplating whether to go with Linux.

“It brings more credibility to Linux,” Duval said. “And that will have a very positive effect.”

Locking Down

Open-source security has gained more attention in past months, as bugs and flaws have been discovered in software toolkit Qt3, media player application Mplayer, and Web browser Opera.

Recently, Microsoft has aggressively worked to highlight open-source security vulnerabilities. In a recent speech, Microsoft’s CEO, Steve Ballmer, said that the open-source community lacked a defined process for addressing security concerns. He contrasted this with Microsoft, which he said has superior quality control measures.

However, some observers have argued that the open-source community is quick to address issues, because of the community’s cohesion.

Yankee Group analyst Laura DiDio told LinuxInsider: “Linux security is a good example of what happens when many people are working on a problem. It gets solved quickly.”

That means that while the open-source community might lack a central security point, it does tend to move efficiently through collective efforts. Continued emphasis on security in the community and the development of a highly secure open operating system by the French consortium could bring a level of security to Linux that it needs for wider adoption.

That is important, DiDio said, because more security problems are likely to crop up in the future.

“Wherever you have code, you’ll have problems,” she said. “There will be vulnerabilities whether you’re talking about Linux or Microsoft — which is why it’s good that it’s being addressed now.”