Slashdot Mirror
Embedded RTOS Maker Raises Linux Security Issues
drquizas writes "Embedded RTOS provider Green Hills recently delivered an address where they raised the question of whether Linux can be considered secure enough to be used in defense applications. Much of the usual FUD is present in the remarks, although an interesting question is raised regarding what defense and other government contractors are required to do in testing code (in this case anyway): is the closed code here being held to a higher standard than its open-source equivalent, and does this change the 'security through obscurity' argument?"
The NSA seems to think Linux has what it takes. Besides, why arn't these same questions raised with Windows? Is this a non-issue, or what?
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
This guy from Green Hill is obviously scared for his business. It is a known fact that encryption systems whose algorithms are in the open, and have been tested as such are way more secured than those ones that are totally closed, since there is no way to ensure that the closed ones have been properly tested.
You can easily make the argument that Green Hills could hire someone who is a spy of some kind and that is embedding a back door code within Green Hills software. Now, who else but Green Hills would find this backdoor? And if they actually find it, what is the probability that they would tell anyone and what is the probability that they will find it right away?
In the case of Linux, hundreds of people are looking constantly at the code, which increases exponentially the chances for any possible backdoor to be found right away. Now, not everyone is allowed to upload code to the main source tree, just a small minority, but everyone can still look at it. Can Green Hills say the same thing about their "closed," "who knows what's inside of it" code? I don't think so!
I totally feel more secured with the "open" approach! What about you?!