INTEGRITY: The Only Secure Operating System

This certification is the first of its kind, the highest Common Criteriasecurity level ever achieved for an operating system. Only an EAL6+ HighRobustness operating system is certified to protect classified informationand other high value resources at risk of attack from hostile andwell-funded attackers. This is secure by anyone's definition.

The highest security standard to which any other operating system iscertified only protects against "inadvertent or casual attempts to breachthe system security." That is not even close to secure by anyone'sdefinition.

No other operating system has even begun the stringent EAL6+ NIAP/NSAcertification process (http://www.niap-ccevs.org/cc-scheme/in_evaluationlists products that have begun a certification process). Furthermore,Common Criteria states that "EAL4 is the highest level at which it islikely to be economically feasible to retrofit to an existing productline." INTEGRITY was designed for EAL7 -- the highest level of security -and thus was able to meet the NSA's High Robustness requirements.

"The certification is a landmark in the security world," commented DanO'Dowd, founder and chief executive officer, Green Hills Software."INTEGRITY is the only solution to the long-unsolved problems of protectingthe world's critical infrastructure, keeping private information private,and thwarting even the most determined cyber attackers."

"For years, information security has been myopically protecting theorganization from the outside in with technologies like firewalls andantivirus and largely overlooked the need to protect it from the insideout. In Gartner's vision of Adaptive Security Infrastructure, protectingworkloads and information from the inside out will require more intelligentsecurity sensors throughout the infrastructure -- at endpoints, virtualservers and within the applications and data themselves," said NeilMacDonald, vice president and Gartner fellow. "However, security softwarerunning on the same physical machine as the workloads and information it isprotecting can't be unequivocally trusted without strong isolation, highassurance and resiliency of the software, and trust attestation which willbecome the foundation for next-generation Adaptive SecurityInfrastructure."

U.S. Government Protection Profile for Separation Kernels in EnvironmentsRequiring High Robustness (SKPP)

INTEGRITY-178B was certified against the Common Criteria's SKPP, whose HighRobustness designation represents the gold standard for operating systemsecurity certification, requiring "security services and mechanisms thatprovide the most stringent protection and rigorous securitycountermeasures." The security gap between EAL4+-certified products andSKPP-certified products is immense: while EAL4+ does not even requireexamination of the product source code, SKPP requirements include the useof formal methods to mathematically prove the security policies, formalspecifications, formal correspondence between design and implementation,complete test coverage of all functional requirements, and penetrationtesting by the NSA, which has complete access to the source code.

Efforts to meet the U.S. Government's most rigorous functional andassurance objectives for security certainly did not start with the SKPPrequirements. Recognizing High Assurance software processes and standardsas a mandatory requirement for embedded and enterprise computing systemsaround the world, a large team of internal Green Hills Software expertsbegan work in 1999 on compliance with some of the world's most demandingsoftware assurance standards. As a result, INTEGRITY's ongoingcertification accomplishments started with its first RTCA/DO-178B Level Acertification in 2002.

INTEGRITY: Certified to the Highest Software Assurance Standards

The INTEGRITY operating system's pedigree also includes certification andcompliance with other demanding government and industry softwarereliability standards.

-- RTCA/DO-178B Level A, the highest level of avionics safety certification granted by the Federal Aviation Administration and the European Aviation Safety Agency-- FDA Class III, the most life critical medical devices approved by the Food and Drug Administration-- IEC 61508 SIL 3, the highest level industrial safety certification granted to an operating system by TÜV

INTEGRITY is the only operating system to have achieved more than one ofthese certifications.

INTEGRITY: Proven, Deployed Technology

The INTEGRITY operating system's pedigree includes a service history datingback to 1997, when it was first adopted by critical U.S. defense systemsthat required absolute security and total reliability.

-- Flying the Boeing B-1B intercontinental nuclear bomber; the Boeing 787 Dreamliner flight controls; Lockheed Martin's F-16, F-22, F-35, C-130J, and Orion Crew Exploration Vehicle; and dozens of other aircraft-- Securing military and intelligence computers, network routers, mobile devices, and radios-- Widespread adoption in medical, industrial control, automotive, and telecommunications

The Ultimate Open Platform

With its open standards, POSIX-conformant interface and ability to hostarbitrary general purpose operating systems, such as Windows and Linux, invirtual machines, INTEGRITY can run more application software than anyother operating platform, while maintaining the absolute highest level ofsecurity for critical components, algorithms, applications, and subsystems.INTEGRITY enables solutions to many of the world's long-standing computersecurity problems, including safe Internet browsing on corporate PCs;protection of critical enterprise servers; unhackable digital rightsmanagement (DRM); and multi-level security for government laptops,desktops, PDAs, and servers.

The Critical Infrastructure Crisis

As President-elect Barack Obama recently stated, "Every American depends --directly or indirectly -- on our system of information networks. They areincreasingly the backbone of our economy and our infrastructure, ournational security and our personal well-being. But it's no secret thatterrorists could use our computer networks to deal us a crippling blow."EAL6+ certification represents the level of security required to protectthe nation's critical cyber infrastructure. Critical infrastructure devicesand operator computers are increasingly networked, performing criticalfunctions requiring in-field maintenance and software upgrades. INTEGRITYenables computing control and management solutions that cannot be hacked.

Please also refer to Green Hills Software's press release from today:

Green Hills Software Announces Launch of INTEGRITY Global Security, LLC

Delivering the World's Most Secure Technology Solutions

About Green Hills Software

Founded in 1982, Green Hills Software, Inc. is the technology leader indevice software optimization (DSO) and real-time operating systems (RTOS)for 32- and 64-bit embedded systems. Our royalty-free INTEGRITY® andvelOSity(TM) real-time operating systems, µ-velOSity(TM) microkernel,IPv6-ready TCP/IP networking stacks, GateD® Layer 2 switching and Layer 3routing, compilers, MULTI® and AdaMULTI(TM) integrated developmentenvironments, DoubleCheck(TM) integrated static analyzer andTimeMachine(TM) tool suite offer a complete development solution thataddresses both deeply embedded and high-reliability applications. GreenHills Software is headquartered in Santa Barbara, CA, with Europeanheadquarters in the United Kingdom. Visit Green Hills Software atwww.ghs.com.

Green Hills, the Green Hills logo, MULTI, INTEGRITY, velOSity, µ-velOSity,AdaMULTI, DoubleCheck and TimeMachine, are trademarks or registeredtrademarks of Green Hills Software, Inc. in the U.S. and/orinternationally. All other trademarks are the property of their respectiveowners.

Contact:Green Hills Software, Inc.Barbel French805-965-6044bfrench@ghs.com