Basic Notions on Access Control.- Test based security certifications.- Formal methods for software verification.- OSS security certification.- Case Study 1: Linux certification.- Case Study 2: ICSA and CCHIT Certifications.- The role of virtual testing labs.- Long-term OSS security certifications: An Outlook.
Open Source Systems Security Certification discusses Security Certification Standards and establishes the need to certify open source tools and applications. This includes the international standard for the certification of IT products (software, firmware and hardware) Common Criteria (ISO/IEC 15408) (CC 2006), a certification officially adopted by the governments of 18 nations.
Without security certification, open source tools and applications are neither secure nor trustworthy. Open Source Systems Security Certification addresses and analyzes the urgency of security certification for security-sensible markets, such as telecommunications, government and the military, through provided case studies.
This volume is designed for professionals and companies trying to implement an Open Source Systems (OSS) aware IT governance strategy, and SMEs looking to attract new markets traditionally held by proprietary products or to reduce costs. This book is also suitable for researchers and advanced-level students.
One of the first books that covers security certification standards for open source systems exclusively
The primary author, Professor Ernesto Damiani of the University of Milan, is highly respected world wide in this field