“Recently, on a major computer industry website an interesting
article was posted, regarding Linux security. The article starts
off by stating that there is “growing concern that the Linux
operating system suffers from major security problems that could
prevent its widespread adoption in the enterprise environment.”.
Following that they have a quote from Clive Longbottom saying:
“Security needs to be built into the architecture of the operating
system. This cannot happen if your source code is publicly
available.”. It goes on with more quotes like “At present a hacker
would be able to go through the operating system like a dose of
salts,” (salts being a British term for laxative I assume).”
“This is just false. Unfortunately the article ends after a few
quotes with no real conclusion as to what they were actually trying
to get across, so I can only assume that they think OpenSource =
insecure because attackers can see the problems. People seem to
make several [false] assumptions with regards to OpenSource verses
closed source software…”
“In short OpenSource software does make life a little easier for
some attackers, but most attackers skillfull enough to understand
the source code and write exploits are also expert enough to do
“blackbox” testing on proprietary software (such as running it
through a debugger or decompiler), and find problems they can
exploit there. In sum I don’t think Linux is more of a security
risk then any other popular OS, and generally speaking it is easier
to secure then most proprietary OS’s. For example the
Securityportal sponsored site “CryptoArchive” has a high security
requirement, since it will be distributing cryptographic
software to people. Several alternatives were considered, with
Linux and OpenBSD being the “finalists”, Linux eventually beat out
OpenBSD when CryptoArchive was able to use “CoDomain” from Wirex
communications, many of the security measures taken for
CryptoArchive would not be possible with a proprietary
OS.”