He simply doesn't understand.

Story: Green Hills Software Issues White Paper: ``Linux Security: Unfit for Retrofit''Total Replies: 1
Author Content

May 03, 2004
5:08 AM EDT
He simply doesn't understand

Linux has more distrobutions with thousands of software titles. Each of these have to be checked, just like propertiry software. He is adding pu the number of probelms in all distros, and all software packages and comparing it to a much smaller number based off one or two vendors who don't provide everything.

His articles are just simply propaganda, he makes software for planes, and other high end systems, yet compares his speciality software to Linux which is a general use OS.

His last article said he would discuss NSA's SE Linux yet all he does is quote a small line and use that as all the proof.

He is sounding more like an anti-linux zealot with each article. Providing less facts and more bogus BS with each statement.

May 03, 2004
9:57 AM EDT
IMHO, thus far, O'Dowd is only ranting on what 'might' or what 'could' happen. O'Dowd doesn't seem to provide any concrete examples of HOW would, WHEN would or WHO could exploit a FLOSS 'lack of security' issue in a real way. It would be different if he (or his company) had actually attempted or executed an exploit on his/their own, and then been able to provide hard facts and evidence to support his claims. The community(ies) could then take his evidence, formulate their own tests, trials etc. and independently 'prove' his claims in a reasonable manner. Until he offers some proof, his claims are all hot air. Still, not to dismiss him entirely, I'd welcome a 'panel' of top security folks (not CEOs of private companies with high-margin Gov't contracts like O'Dowd) to give an update on this issue, at least providing some recent hard facts and perspectives (i.e. Windows and GNU/Linux 'exploits' are not 'on par' with each other, as the tech press make them out to be - an exploit is not 'just an exploit', not all exploits can be compared equally).

Anyone know if Bruce Schneier has publicly weighed in on any of O'Dowd's comments ? I think he'd have some interesting points about some of the claims. For example, there's a great quote of his from this link just last week: http://www.technewsworld.com/perl/story/33504.html

... Consider, on this, what Bruce Schneier says in the introduction to the second edition of his book Applied Cryptography about the difference between security and obscurity:

"If I take a letter, lock it in a safe, hide the safe somewhere in New York, then tell you to read the letter, that's not security. That's obscurity. On the other hand, if I take a letter and lock it in a safe, and then give you the safe along with the design specifications of the safe and a hundred identical safes with their combinations so that you and the world's best safecrackers can study the locking mechanism -- and you still can't open the safe and read the letter -- that's security." ...

Kind of sums it all all up very succinctly (why I like Schneier, he's not only a top-notch 'security guy', he writes well to boot !). Schneier ,IMO, actually uses his brain when discussing security issues.

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!