---

Security Portal: OpenSource projects – what I learned from Bastille (and others)

“Building a Linux distribution is no easy task, and building a
secure Linux distribution is even harder. Bastille Linux originally
started out with the ambitious goal of creating an entirely new
distribution, based on Red Hat, that would be secure (an OpenBSD
style project basically). Well it was started, a site was created,
a domain name registered, and mailing lists were created.
Unfortunately it simply didn’t generate the kind of community
support required for such an effort (or perhaps fortunately, in
retrospect). A deadline had been set of mid December, the SANS
conference, at which Bastille Linux would be “unveiled” and many
CDs handed out to happy administrators. Towards this deadline the
core members of the project probably realized that they would look
pretty silly if they had absolutely nothing to show, so the goal of
a complete distribution was dropped in favor of a hardening script
aimed at Red Hat Linux….”

“Good software is like a fine wine, it takes time to mature.
If you open it up too soon it tastes horrible, and if you let it sit
too long you might end up with vinegar (although I’m not sure
what that last bit has to do with software projects it sounds good,
maybe something to do with bloat). Anything to do with security
just compounds the problem since finding bugs in code and
eliminating them takes a lot of work (OpenBSD being an excellent
reference point)….”

Complete Story
