Green Hills Software Inc has raised the bar for the Operating System Software Vendors. It is very nice to see their Commercial Operating System certified by the National Information Assurance Partnership (NIAP), a U.S. government initiative operated by the National Security Agency (NSA), to Common Criteria Evaluation Assurance Level (EAL) 6+, High Robustness.
Green Hills Software Inc. Integrity RTOS EAL 6+ Certificate
http://www.marketwire.com/press-release/Green-Hills-Software-Inc-921108.html
The mainstream Operating System Software Vendors have been able to get only up to EAL 4+. This is pushes STOP 7 (EAL 5+) from BAE Systems as the Second Most Secured Operating System. It is interesting to note that WindRiver is also working in getting their VxWorks RTOS certified at EAL 6+.
The above Common Criteria Evaluation information is primarily for the Operating System and not for the applications running inside the Operating System. This means that a Python/PHP application deployed under this EAL6+ environment can still be vulnerable and allow a SQL Injection Attack. Everybody can be benefited with the usage of Secure environment, provided the entire development community is conscious about the intricacies involved in securing the environment and develop secure applications.
Common Criteria Evaluation and Trusted Computing help us organize the very foundation (the OS and where it runs) of creating a secure environment. Now it is still within the reach of the best minds in the Open Source world to come-up with a Open Source Implementation covering both Software and Hardware parts of a EAL 6+/7 Solution. It would help even SMEs to work in a secure environment. Wouldn’t that be worth the cause?
Thanks for post. Nice to see such good ideas.
sSqGu9 Thanks for good post