Security evaluation is a process by which independent but accredited organizations provide assurance in the security of IT products and systems to commercial, government, and military institutions. Such evaluations, and the criteria upon which they are based, serve to establish an acceptable level of confidence for IT purchasers and vendors alike. Furthermore, security evaluation criteria and ratings can be used as concise expressions of IT security requirements. There are two important components of IT security evaluations; the criteria against which the evaluations are performed, and the schemes or methodologies which govern how and by whom such evaluations can be officially performed.
Oracle participates in two internationally recognized security evaluation criteria. Its database server products have consistently achieved high security certification ratings from all the criteria in which it participates. The platforms on which evaluations will take place include evaluated versions of Linux or Oracle Solaris.
Oracle's de facto security evaluation criteria is the International Common Criteria (aka ISO 15408).