Category Archives: Security

Fed up hospitals defy patching rules

This is my paraphrase to an interesting security-related article here. Hospital IT Departments are impatient in applying the latest security patches not screened by device manufacturers and risk being in noncompliance with HIPPA requirements. Device vendors not releasing latest patches risk losing FDA certification. While this article deals primarily with M$ software in medical devices, the situation theoretically could involve FOSS.

OpenEvidence: the open source for notarisation

Financed by the European community, OpenEvidence -part of European Project Group FP5- is an open source framework for data certification, time stamping and data archival that brings technology for evidence creation, validation and long term protection of documents.

Developers of France, Belgium, Estonia and Italy share in this project their technological know-how to build an architecture that can be applied to different business models like notarisation.

Based on standards ISO 17799, British Standard 7799, IETF PKI RFC 3161 and IETF PKI RFC 3029, standardisations efforts has been made collaborating with the LTANS IETF Working group, ISO (concerning time stamping standard), PKIX certificate validation protocols, DVCS update (RFC 3029) and ISO 18509.
A demonstration service of Time Stamping using RFC 3161 by C&A (Italian partners of OpenEvidence) can be used on its web site.

For more info about OpenEvidence:

IBM Clinches Security Certification for Linux

According to Reuters, IBM has achieved Common Criteria security certification for SuSE Linux: …they received the highest level of security evaluation used by governments when deciding to use software in their organizations. Linux, running on IBM computers using Intel Corp.’s (Nasdaq:INTC – news) chips, received the Common Criteria certification, a global standard for security features and capabilities of information technology products..’ Thanks to for this link.

OpenEvidence: EU finances an Open Source project

The EU is very active in supporting Open Source
development by providing financial aids to European
projects of interest, like OpenEvidence that
was approved to be realized by a consortium of technology providers and users from 4 countries: Belgium, France, Italy and Estonia.

In this contest C&A is very proud to announce its OpenEvidence participation, integrating its Time Stamping technology, to this ‘evidence creation and validation system’ of electronic documents and activities.

The technology developed by the project can be used as basic building blocks to support such services as non-repudiation of electronic business transactions, property right protection and notarisation.

Implementations and demonstration services using the protocols defined in RFC 3029 (DVCS) and RFC 3161 (TSP) will be provided as initial activity.
A version of time stamping service can be also be tested on the C&A web site.

To learn more about OpenEvidence: