
  The bill makes no mention of proprietary software or hardware.
The bill references Common Criteria certification procedures for the software running the network. This potentially could be used to exclude the use of custom operating systems and reconfigurations of, say, Linux or BSD, without them undergoing certification.

  the intent is clear: critical private national infrastructure 
  means air traffic control and the power grid
That's pure speculation on your part.


Linux has been EAL4 certified under the ludicrously weak and pro-forma Common Criteria. You can sell to DoD, on the real DoD secure networks, at EAL2. The bill also doesn't require everyone to run CC-certified OSes.


Specific versions of Linux provided by commercial vendors have been EAL4 certified. Ditto for EAL2.

The bill doesn't require Common Criteria certified software, but it allows for that requirement to be made.



