Question - Does PostgreSQL have an Evaluation Assurance Level?
Good morning,
My name is Nick Mayer, and I had a question concerning PostgreSQL's EAL. Has PostgreSQL been put through any audit/security testing, and does it have an EAL? If so, would I be able to get this information? I would appreciate any assistance you are able to provide for this.
Thanks,
Nick Mayer
Cyber Engineer
Lockheed Martin
Email: nicholas.j.mayer@lmco.com<mailto:nicholas.j.mayer@lmco.com>
On Tue, 2023-05-30 at 13:48 +0000, Mayer, Nicholas J wrote:
My name is Nick Mayer, and I had a question concerning PostgreSQL’s EAL. Has PostgreSQL
been put through any audit/security testing, and does it have an EAL? If so, would I be
able to get this information? I would appreciate any assistance you are able to provide for this.
I have never heard of that, but I'll reply on the -general list, where the question is
more likely to reach the people who know.
Yours,
Laurenz Albe
Hi Laurenz,
Thanks for your reply but we are actually all set with this. We found out that while PostgreSQL does not have EAL, the 'Crunchy Data' does have EAL of 2. Please feel free to close/discontinue this question and discussion if you like.
Thanks,
Nick
-----Original Message-----
From: Laurenz Albe <laurenz.albe@cybertec.at>
Sent: Wednesday, May 31, 2023 3:08 PM
To: Mayer, Nicholas J (US) <nicholas.j.mayer@lmco.com>; pgsql-general@lists.postgresql.org
Subject: EXTERNAL: Re: Question - Does PostgreSQL have an Evaluation Assurance Level?
On Tue, 2023-05-30 at 13:48 +0000, Mayer, Nicholas J wrote:
My name is Nick Mayer, and I had a question concerning PostgreSQL’s
EAL. Has PostgreSQL been put through any audit/security testing, and
does it have an EAL? If so, would I be able to get this information? I would appreciate any assistance you are able to provide for this.
I have never heard of that, but I'll reply on the -general list, where the question is more likely to reach the people who know.
Yours,
Laurenz Albe
On Wed, 2023-05-31 at 19:51 +0000, Mayer, Nicholas J wrote:
We found out that while PostgreSQL does not have EAL, the 'Crunchy Data' does have EAL of 2.
I see. I guess you are aware that a closed source fork of PostgreSQL is probably no more
secure than the original. But this is more about ticking off checkboxes, right?
Yours,
Laurenz Albe
Hi Laurenz,
Thanks for this information. That is correct, we are just ticking off the checkboxes at the moment but I appreciate your feedback.
Thanks again,
Nick
-----Original Message-----
From: Laurenz Albe <laurenz.albe@cybertec.at>
Sent: Wednesday, May 31, 2023 4:31 PM
To: Mayer, Nicholas J (US) <nicholas.j.mayer@lmco.com>; pgsql-general@lists.postgresql.org
Subject: EXTERNAL: Re: EXTERNAL: Re: Question - Does PostgreSQL have an Evaluation Assurance Level?
On Wed, 2023-05-31 at 19:51 +0000, Mayer, Nicholas J wrote:
We found out that while PostgreSQL does not have EAL, the 'Crunchy Data' does have EAL of 2.
I see. I guess you are aware that a closed source fork of PostgreSQL is probably no more secure than the original. But this is more about ticking off checkboxes, right?
Yours,
Laurenz Albe