Linux a national security risk, competing RTOS vendor claims
Apr. 08, 2004

Proprietary RTOS vendor Green Hills and its CEO Dan O'Dowd have launched a broadside against the use of Linux in military and defense applications. Green Hills has issued a press release based on O'Dowd's anti-Linux remarks in a speech to the Net-Centric Operations Industry Forum in McLean, Va.

Three months ago, O'Dowd was widely pilloried in the Linux community for an editorial he wrote for the EE Times predicting the death of the Linux tools market.

O'Dowd opined, essentially, that foreign developers contributing to the Linux source code pose a national security threat to the U.S. Said O'Dowd, "The open source process violates every principle of security. It welcomes everyone to contribute to Linux. Now that foreign intelligence agencies and terrorists know that Linux is going to control our most advanced defense systems, they can use fake identities to contribute subversive software that will soon be incorporated into our most advanced defense systems."

O'Dowd went on to criticize Green Hills competitors MontaVista and LynuxWorks for their international cooperation. The Green Hills press release borrows a Jim Ready quote from a LinuxDevices.com interview: "Recently, the CEO of MontaVista Software, the world's leading embedded Linux company, said that his company has 'two and a half offshore development centers. A big one in Moscow and we just opened one in Beijing -- so much for the cold war.'"

According to Green Hills, "Linux software, including contributions from Russia and China, is spreading rapidly through the Defense Department because it can be freely downloaded from the Internet without a license agreement or up-front fees, bypassing legal, purchasing and security procedures. A recent survey conducted over a two-week period by the Mitre Group found 251 Department of Defense deployments of Linux and other open source software."

The Green Hills release continues, "Linux has been selected to control the functionality, security, and communications of critical defense systems including the Future Combat System, the Joint Tactical Radio System and the Global Information Grid. 'If Linux is compromised, our defenses could be disabled, spied on or commandeered. Every day new code is added to Linux in Russia, China and elsewhere throughout the world. Every day that code is incorporated into our command, control, communications and weapons systems. This must stop,' said O'Dowd."

"Linux in the defense environment is the classic Trojan horse scenario -- a gift of 'free' software is being brought inside our critical defenses. If we proceed with plans to allow Linux to run these defense systems without demanding proof that it contains no subversive or dangerous code waiting to emerge after we bring it inside, then we invite the fate of Troy," O'Dowd said.

The Green Hills release next attempts to refute what it terms Linux's "many eyes" approach to security, possibly an oblique reference to a famous Linus Torvalds quote, "Given enough eyeballs, all bugs are shallow."

According to Green Hills, "Advocates of the Linux operating system claim that its security can be assured by the openness of its source code. They argue that the 'many eyes' looking at the Linux source code will quickly find any subversions. Ken Thompson, the original developer of the Unix operating system -- which heavily influenced Linux -- proved otherwise. He installed a back door in the binary code of Unix that automatically added his user name and password to every Unix system. When he revealed the secret 14 years later, Thompson explained, 'The moral is obvious. You can't trust code that you did not create yourself. No amount of source-level verification or scrutiny will protect you from using untrusted code.'"

"Before most Linux developers were born, Ken Thompson had already proven that 'many eyes' looking at the source code can't prevent subversion," O'Dowd said. O'Dowd failed to address any potential weaknesses in the modern Linux development methodology, which has augmented the historical "many eyes" bug-catching process with an automated testing and verification system.

"Linux is being used in defense applications even though there are operating systems available today that are designed to meet the most stringent level of security evaluation in use by the National Security Agency, Common Criteria Evaluation Assurance Level 7 (EAL 7)," O'Dowd said. "We don't need cheaper security. We need better security. One 'back door' in Linux, one infiltration, one virus, one worm, one Trojan horse, and all of our most sophisticated network-centric defenses could crumble. We must not abandon provably secure solutions for the illusion that Linux will save money. We must not entrust national security to Linux," O'Dowd concluded.


Use of this site is governed by our Terms of Service and Privacy Policy. Except where otherwise specified, the contents of this site are copyright © 1999-2008 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise is prohibited. Linux is a registered trademark of Linus Torvalds. All other marks are the property of their respective owners.