Since its availability in 2002, Red Hat Enterprise Linux has achieved important milestones in security standards:
- In 2003 Red Hat Enterprise Linux was the first Linux platform to achieve Department of Defense (DoD) Defense Information Systems Agency (DISA) Common Operating Environment (COE) certification.
- In February 2004 Red Hat Enterprise Linux was awarded Common Criteria Evaluation Assurance Level (EAL) 2 certification.
- In February 2004 Red Hat receives Mitre certification for Common Vulnerabilities and Exposures (CVE) compatibility for Security Advisories.
EAL 2 Certification and Plans for EAL 3 and 4
Last quarter Red Hat Enterprise Linux v. 3 was awarded Common Criteria Evaluation Assurance Level (EAL) 2 certification by the UK IT Security Evaluation and Certification Scheme. The evaluation is in compliance with the U.S. government's security policy directives. The Common Criteria Scheme enables consumers to obtain an impartial assessment of an IT product by an independent lab. This impartial assessment, or security evaluation, includes an analysis of the IT product and the testing of the product for conformance to a set of security requirements. Security standards play a critical role in today's computing architecture and Red Hat is working to achieve higher levels of security evaluation with EAL 3 and 4 certification in future releases of Red Hat Enterprise Linux.
Oracle sponsored and worked with Red Hat to submit Red Hat Enterprise Linux for the EAL 2 security evaluation. "Red Hat's completion of the Common Criteria evaluation at EAL2 allows security-conscious customers to be assured of using a secure operating system to run their enterprise applications," said Mary Ann Davidson, Chief Security Officer, Oracle Corp.
Mitre CVE Compatibility
A second security accomplishment for Red Hat is the certification from Mitre for Common Vulnerabilities and Exposures (CVE) compatibility for Security Advisories. CVE aims to standardize the names for all publicly known vulnerabilities and security exposures to simplify security practices. Red Hat is the only Linux vendor to be awarded this certification for security standards.
Most recently made available in March as part of Fedora Core 2, test 2, Security Enhanced Linux is the most significant milestone in Red Hat's security roadmap for Red Hat Enterprise Linux. Benefits to customers with an implementation of SELinux will be reduced risk and exposure to many of the common security vulnerabilities as well as system access control at a much more granular level. SELinux will be fully integrated and available in Red Hat Enterprise Linux v. 4 in early 2005.
"Security certifications and compliance with standards are top priorities for Red Hat and are key drivers of innovation." said Paul Cormier, Executive Vice President of Engineering at Red Hat. "We are committed to industry standards and will continue to drive acceptance and adherence of standards, leading by example"
For more information on EAL, CVE or other standards, please visit http://www.redhat.com/. To download Fedora Core 2, test 2, with SELinux please visit http://fedora.redhat.com.
About Red Hat, Inc.
Red Hat, the world's leading open source and Linux provider, is headquartered in Raleigh, NC with satellite offices spanning the globe. Red Hat is leading Linux and open source solutions into the mainstream by making high quality, low cost technology accessible. Red Hat provides operating system software along with middleware, applications and management solutions. Red Hat also offers support, training and consulting services to its customers worldwide and through top-tier partnerships. Red Hat's open source strategy offers customers a long term plan for building infrastructures that are based on and leverage open source technologies with focus on security and ease of management. Learn more: http://www.redhat.com
Forward-looking statements in this press release are made pursuant to the safe harbor provisions of Section 21E of the Securities Exchange Act of 1934. Investors are cautioned that statements in this press release that are not strictly historical statements, including, without limitation, management's plans and objectives for future operations, and management's assessment of market factors, constitute forward-looking statements which involve risks and uncertainties. These risks and uncertainties include, without limitation, reliance upon strategic relationships, management of growth, the possibility of undetected software errors, the risks of economic downturns generally, and in Red Hat's industry specifically, the risks associated with competition and competitive pricing pressures, the viability of the Internet, and other risks detailed in Red Hat's filings with the Securities and Exchange Commission, copies of which may be accessed through the SEC's Web site at http://www.sec.gov.
LINUX is a trademark of Linus Torvalds. RED HAT is a registered trademark of Red Hat, Inc. All other names and trademarks are the property of their respective owners.
- About Red Hat
Red Hat is the world’s leading provider of open source software solutions, using a community-powered approach to reliable and high-performing cloud, Linux, middleware, storage and virtualization technologies. Red Hat also offers award-winning support, training, and consulting services. As the connective hub in a global network of enterprises, partners, and open source communities, Red Hat helps create relevant, innovative technologies that liberate resources for growth and prepare customers for the future of IT. Learn more at http://www.redhat.com.
- Forward-Looking Statements
Certain statements contained in this press release may constitute "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Forward-looking statements provide current expectations of future events based on certain assumptions and include any statement that does not directly relate to any historical or current fact. Actual results may differ materially from those indicated by such forward-looking statements as a result of various important factors, including: risks related to delays or reductions in information technology spending; the effects of industry consolidation; the ability of the Company to compete effectively; the integration of acquisitions and the ability to market successfully acquired technologies and products; uncertainty and adverse results in litigation and related settlements; the inability to adequately protect Company intellectual property and the potential for infringement or breach of license claims of or relating to third party intellectual property; the ability to deliver and stimulate demand for new products and technological innovations on a timely basis; risks related to data and information security vulnerabilities; ineffective management of, and control over, the Company’s growth and international operations; fluctuations in exchange rates; and changes in and a dependence on key personnel, as well as other factors contained in our most recent Quarterly Report on Form 10-Q (copies of which may be accessed through the Securities and Exchange Commission’s website at http://www.sec.gov), including those found therein under the captions "Risk Factors" and "Management’s Discussion and Analysis of Financial Condition and Results of Operations". In addition to these factors, actual future performance, outcomes, and results may differ materially because of more general factors including (without limitation) general industry and market conditions and growth rates, economic and political conditions, governmental and public policy changes and the impact of natural disasters such as earthquakes and floods. The forward-looking statements included in this press release represent the Company’s views as of the date of this press release and these views could change. However, while the Company may elect to update these forward-looking statements at some point in the future, the Company specifically disclaims any obligation to do so. These forward-looking statements should not be relied upon as representing the Company’s views as of any date subsequent to the date of this press release.