Red Hat Reveals Two-Year Roadmap for Security in Enterprise Linux

5/3/2004 - Red Hat, the world's leading provider of open source solutions to the enterprise, announced new accomplishments as well as a two-year roadmap for security in Red Hat Enterprise Linux. Work to achieve government security standards, security certifications and work with the NSA-developed SELinux lead the list of security initiatives planned by Red Hat. Red Hat's goal is to advance industry security standards and simplify security for customers.

Since its availability in 2002, Red Hat Enterprise Linux has achieved important milestones in security standards:

EAL 2 Certification and Plans for EAL 3 and 4
Last quarter Red Hat Enterprise Linux v. 3 was awarded Common Criteria Evaluation Assurance Level (EAL) 2 certification by the UK IT Security Evaluation and Certification Scheme. The evaluation is in compliance with the U.S. government's security policy directives. The Common Criteria Scheme enables consumers to obtain an impartial assessment of an IT product by an independent lab. This impartial assessment, or security evaluation, includes an analysis of the IT product and the testing of the product for conformance to a set of security requirements. Security standards play a critical role in today's computing architecture and Red Hat is working to achieve higher levels of security evaluation with EAL 3 and 4 certification in future releases of Red Hat Enterprise Linux.

Oracle sponsored and worked with Red Hat to submit Red Hat Enterprise Linux for the EAL 2 security evaluation. "Red Hat's completion of the Common Criteria evaluation at EAL2 allows security-conscious customers to be assured of using a secure operating system to run their enterprise applications," said Mary Ann Davidson, Chief Security Officer, Oracle Corp.

Mitre CVE Compatibility
A second security accomplishment for Red Hat is the certification from Mitre for Common Vulnerabilities and Exposures (CVE) compatibility for Security Advisories. CVE aims to standardize the names for all publicly known vulnerabilities and security exposures to simplify security practices. Red Hat is the only Linux vendor to be awarded this certification for security standards.

SELinux Roadmap
Most recently made available in March as part of Fedora Core 2, test 2, Security Enhanced Linux is the most significant milestone in Red Hat's security roadmap for Red Hat Enterprise Linux. Benefits to customers with an implementation of SELinux will be reduced risk and exposure to many of the common security vulnerabilities as well as system access control at a much more granular level. SELinux will be fully integrated and available in Red Hat Enterprise Linux v. 4 in early 2005.

"Security certifications and compliance with standards are top priorities for Red Hat and are key drivers of innovation." said Paul Cormier, Executive Vice President of Engineering at Red Hat. "We are committed to industry standards and will continue to drive acceptance and adherence of standards, leading by example."

For more information on EAL, CVE or other standards, please visit To download Fedora Core 2, test 2, with SELinux please visit

About Red Hat, Inc.
Red Hat is the world's premier open source and Linux provider. Red Hat is headquartered in Raleigh, N.C. and has offices worldwide. For more information, visit

LINUX is a trademark of Linus Torvalds. RED HAT is a registered trademark of Red Hat, Inc.

Previous Page | News by Category | News Search

If you found this page useful, bookmark and share it on: