VMware and security

A lot of people keep talking about the security of virtualization. They say it isn’t safe and stuff like that.

I know this post is a couple of months old, but I think it is important to realize that VMware certainly finds security important.

On May 20, 2008, VMware VI3 (ESX Server 3.0.2 & VirtualCenter 2.0.2) achieved Common Criteria certification at EAL4+ under the Canadian Common Criteria Evaluation and Certification Scheme (CCS).  EAL4+ is the highest assurance level that is recognized globally by all signatories under the Common Criteria Recognition Agreement (CCRA)

This milestone marks the completion of an intensive effort during which VMware ESX Server and VirtualCenter were examined, tested and certified at the Evaluation Assurance Level 4 (EAL4+). In addition to validating VI3, personnel from the validation lab visited VMware to witness and validate VMware’s planning, development, QA, IT, HR, delivery processes and validate building physical security. The plus (+) appended to the assurance level indicates this certification included the optional Flaw Remediation component. To achieve Flaw Remediation, VMware’s issue tracking & flaw remediation processes where also validated.