Red Hat Linux Gets Top Government Security Rating
The news of Red Hat Enterprise Linux 4 attaining EAL4 + LSPP is important to the entire Linux community. Red Hat Enterprise Linux 4 now holds the highest possible government security rating that can be acquired by an off-the-shelf operating system. A great deal of work has gone into this certification, and it speaks volumes about the maturity of Linux. It is unlikely that any other operating system in history has progressed so quickly in so many directions. No doubt this is a great example of how impressive the open source development model can be.
This particular certification is due to the progress made with SELinux. SELinux is still a relatively young addition to the Linux kernel. No doubt great things will be accomplished with SELinux in the future.
Third-Party Severity Ratings
The above story compares how Red Hat rated the severity of a number of security flaws with how the National Vulnerability Database (NVD) rated the same flaws. The Red Hat Enterprise Linux ratings are comparable to how the same flaws are rated for Fedora. The one-sentence summary is that Red Hat and NVD rate flaws differently. The analysis in the article does a nice job of explaining why this is likely the case.
Fedora Security Response Team
The Fedora Security Response Team is still moving along. Things aren't moving terribly fast, but they are moving. The team is still primarily slogging through the list of old CVE IDs to ensure that we've not missed anything in Fedora 7. I hope to use this article to keep the community in general up to date on the progress of security issues in Fedora.