Open-source stacks are poised to shake up the world of government security certifications, such as the National Institute of Standards and Technology's Federal Information Processing Standard 140-2 and the National Information Assurance Partnership's Common Criteria ratings. Agencies that must buy software to meet these standards are finding that an open-source, modular approach can provide new choices in the marketplace.

That's what the Defense Department's Defense Medical Logistics Standard Support program found three years ago. The agency was looking at spending $200,000 to $500,000 on virtual private network software for its 600 HP-UX servers, and the software had to be FIPS 140-2 compliant. The trouble was, the agency planned to move off HP-UX in a few years, rendering the investment null, said Steve Marquess, a DMLSS consultant from Veridical Systems Inc. of Adamstown, Md., who spoke at the recent LinuxWorld conference.

The link for this article located at GCN is no longer available.