OS X Security Evaluation

[arn]

According to CNet, Apple has submitted Mac OS X for an independant security evaluation.

The testing, being done as part of the U.S. government's National Information Assurance Partnership, will evaluate Mac OS X and Mac OS X Server on a series of common criteria used by a number of countries to evaluate the security features of various technologies. The evaluation allows governments and businesses to compare the relative security features of different products.

Submitting the operating system for testing could help give the Mac more clout in government circles, said Tom Goguen, director of worldwide product marketing for Apple's server software unit.

 

[sparkleytone]

well maybe they can get OS X running on the 286's that run our NATIONAL FLIGHT TRACKING systems. of course it wouldnt look to good on a MONOCHROME screen!

 

[DavPeanut]

sounds good

I'm a regular!

 

[drastik]

good, more power to them. I think that this coiuld be a big boost for Apple. I have a friend at the State Department who uses Macs at home, but appearantly Gov. IT ain't intereted.

 

[SubFredZero]

Hmmmmm

I don't know but there have been big security leaks in OS X... I don't know if they are already fixed but I think it won't be secure enough for the gouvernement

 

[sparkleytone]

there haven't been big security leaks in OS X. there have been big security leaks in apache and openSSL. big difference. apple did a great job packaging the fixes in a timely manner.

 

[j763]

good point, sparkleytone. I really don't think that it's fair to blame apple for something that effects all *nix OS's.

 

[billiam0878]

Listen, even if their are a few leaks, OS X has to be more secure than Windows.

Bill

 

[synergy]

Software is coming. Government is the single biggest buyer of computers in the US. (AFAIK disclaimer

Some enterprising individuals should start some consulting businesses for the government fitting the software to their needs. Could sell a bunch of easy to use imacs, emacs and more.

 

[shadowfax0]

This is so Apple with have an evaluation, so they can in future create a secrue Darwin kernel, just like Solaris, or AIX have done. So being the tests, etc. will take a year or so to complete, this will not make anyone in the Gov't's buying dept. turn their heads and sign a check. There is little chance that Apple got EVERYTHING right right off the bat, this will merely tell them where to improve so they can come back and try again

 

[mmcneil]

Reasons for Security Evaluation

Originally posted by shadowfax0
This is so Apple with have an evaluation, so they can in future create a secrue Darwin kernel, just like Solaris, or AIX have done. So being the tests, etc. will take a year or so to complete, this will not make anyone in the Gov't's buying dept. turn their heads and sign a check. There is little chance that Apple got EVERYTHING right right off the bat, this will merely tell them where to improve so they can come back and try again

I think you called this right, however I believe there is a reasonable chance that they will pass the first time for the simple reason that they are building on a known software foundation. Given that the evaluation takes over a year (according to a local San Diego paper), it may include "find and fix" opportunities. Not sure what the rules are, but I doubt that it is a simple pass/fail.

 

[CHess]

So I would guess then that Apple is submitting Jaguar. Do you think Apple would submit anything for such testing without feeling confident that it will stand up to the competition? Any idea about security improvements in 10.2?