The Defence Signals Directorate Evaluated Product List (DSD EPL) provides a listing of products that have been deemed appropriate for use within the Australian Government for the protection of non-national security electronic information, according to the Directorate.
"The reason that there are currently no Microsoft products on the EPL is that no Microsoft products have gone through evaluation in Australia," the DSD told ZDNet Australia in correspondence. "However, the Microsoft Windows 2000 operating system has recently completed evaluation under the equivalent US program, the Common Criteria Evaluation and Validation Scheme (CCEVS)."
Windows 2000 Professional and Windows 2000 Server were passed by the CCEVS on the 25 October this year. Australia, along with the US and around 13 other countries, participates in the Common Criteria Recognition Arrangement (CCRA), whose participants have agreed to mutually recognise each other's product evaluations.
Government agencies were using Microsoft products years before any were declared as safe by the DSD because the EPL is a recommendation, rather than having regulatory force. According to the DSD, government agencies have to comply with DSD guidelines only when using cryptography to protect Commonwealth information, and must utilise a DSD-approved firewall to protect connections between government and public networks.
The DSD said one reason why some products aren't on the list is the high cost that can be incurred by developers attempting to have their product listed. This certainly has a deterring effect on the proponents of open source software, who are trying to convince all levels of government to convert to open source.
"We're very keen on seeing local [Australian] government look more seriously at adopting open source technology, but people said it's not on the evaluated product list by the DSD," Con Zymaris, CEO of Cybersource told ZDNet Australia . He said the only way to get an open source system such as Linux on the EPL was to have a large corporation decide it would be beneficial for them if the government used Linux and therefore funded the research.
The issue of whether government agencies should use open source software is a contentious one. The Initiative for Software Choice, a US lobby-group backed by computing giants such as Microsoft, Intel and Cisco Systems, is petitioning the US government to avoid open-source software.
It is worried about a recent report by independent IT research corporation MITRE, which concluded, among other things, that removal of open source software would remove the demonstrated ability of that software to be updated rapidly in response to new types of cyberattack.
Zymaris believes there is a sea-change occurring in the government. "In the past few months things seem to have become more positive," he said. "There is a higher awareness rate, and the IT managers have a more positive attitude [towards open source]."
"The government has particular ways and processes of doing things," added Zymaris. "We shouldn't say 'Hey! Change all that and do it our way!', we should find the best way to work with them."
Good, keep them off the list.
MS has yet to release a "safe" product.
When they do, Satan will be going to work in a snow plough.
(Note: Palladium does not count as MS have to rely on hardware to make this secure)