As the open source industry grows and becomes more
widely accepted, the
use of Linux as a secure operating system is becoming a prominent
choice among corporations, educational institutions and government
sectors. With national security concerns at an all time high, the
question remains: Is Linux secure enough to successfully operate the
government and military's most critical IT applications?
The United States government sure thinks so. A recent
survey conducted by the Mitre Group found 251 Department of Defense
deployments of Linux and other open source software. Not only is the
United States government sponsoring hundreds of open source projects,
it has been reported that open source applications have become major
components in the IT infrastructure at the Pentagon.
Proprietary software advocates are currently stirring a debate
on whether using Linux in matters of national defense is appropriate.
It is their opinion that the availability of the source code for open
source applications and the unknown origins of the code can lead to
subversive content being deliberately placed into critical codes and
putting the security of our entire country at risk.
What makes this debate illogical is the fact that there is not
a single mainstream operating system, proprietary or open source that
in its current state should be used to ris and vulnerability
assessment before it will even be considered for testing. To imply that
our government has not considered the risks of Linux and other
operating systems alike and is using insecure infrastructures of any
kind is to insult the intelligence and capability of our government and
military to protect its citizens.
Linux is not an invitation for IT terrorism, but quite
a first step towards preventing it. Linux incorporates a
"defense-in-depth" approach to security, meaning robust security
measures are implemented at every level of development and deployment.
Not relying on obscurity, like closed-source counterparts, Linux truly
focuses on the security of the system and its capabilities and
strengths continue to improve, surpassing those of proprietary vendors
-Dave Wreski, CEO Guardian Digital, Inc.
Edited & Prepared by Alison Parker
This story originally appeared in the May 2004 issue of Behind
the Shield. For more information on Behind the Shiled please visit: