Slashdot Mirror

← Back to Stories (view on slashdot.org)

Open Source a National Security Threat

Posted by CmdrTaco on from the so-are-coke-cans-and-plastic-knives dept.

n3xup writes "Dan O'Dowd, CEO of Green Hills Software, suggests that open source software has the capability of being sabotaged by foreign developers and should not be used for U.S. military or security purposes. He likened Linux with a Trojan Horse- free, but in the end a lot of trouble. O'Dowd thinks that unfriendly countries will attempt to hide intentional bugs that the Open Source community will have no chance of finding."

4 of 921 comments (clear)

  1. remember this guy? by jabella · · Score: 5, Informative

    Remember this guy? He also wrote "Linux Security: Unfit for Retrofit" ( http://www.ghs.com/linux/unfit.html )

    This was covered by LWN back in May: http://lwn.net/Articles/83242/

    IIRC, GHS does development on embedded XP stuff? I don't remember the details...

  2. Re:FUD. by nemaispuke · · Score: 5, Informative

    In Dan O'Dowd's mentioning of Linux "only" receiving CC EAL 2 is somewhat incorrect. RedHat Enterprise Linux Advanced Server got CC EAL2, SuSe Enterprise Linux was evaluated at EAL 3+. This is roughly the equivalent of TCSEC C2, and can be deployed in a classified environment. I guess he needs to check http://niap.nist.gov/cc-scheme/vpl/vpl_assur_lvl.h tml more regularly and actually read it!

  3. Re:Understand the Source Perspective by kfg · · Score: 5, Informative

    Can you honestly tell me that the government is going to hire a panel of people to check in in-depth source changes on OSS projects?

    The American government actually has an entire agency whose job is to perform just such tasks.

    It's called the NSA.

    Will the NSA actually perform this function with OSS?

    They've already made their own distro.

    KFG

  4. Issues at Hand by gmletzkojr · · Score: 5, Informative

    There are a number of issues that play a part in the Green Hills argument. First of all, let me say that I have had the experience of using Green Hills products (non-military) for the past few years now.

    First of all, coming from a company that charges *a lot* of money for an OS stands *a lot* to lose from a free OS. Therefore, GH would be expected to say that a GH product is better.

    The fact that GH source code is not open source does not mean that no one ever sees it. I have access to the entire source, and, if so inclined, could use that information to create an attack myself or provide the source to someone else. Remember, even though the company signed a release for the source, that doesn't mean that money talks more.

    GH has, up till this point, maintained a 'top dog' status in this area. In fact, when we asked for a driver for USB mass storage, the response was 'Well, where else would you get it? It is going to cost you.'

    IMHO, GH has had a bit of a mini-Microsoft status within the military embedded world. This has certainly mirrored the PC OS world - one leading OS, some neat features, but when you really look at, how many ways are there to create a GUI or an OS. Let's be honest - an OS has queues, semaphores, a file system (replaceable, in GH), etc. So we are not talking about 'rocket surgery'.

    The idea of Linux not being 'military grade' would really need to be made from an independent group. This is akin to MS saying that it has the best browser or GUI. Of course they are going to say that.

    --
    I for one welcome our new [insert main topic] overlords.