----- Original Message -----
From: "John Chambers" <jc at trillian.mit.edu>

>
> Funny that they should express it so carefully. It's not at all
> uncommon for the security folks to use much stronger wording: If you
> want your system secure, you don't run *anything* unless you have the
> source and you compiled it yourself. If you use a binary-only
> program, you have no idea what might be hidden inside it. They often
> also add that anyone in a security position who approves of binary
> software is either incompetent or (more likely) on the take.
> [snip]
> I've occasionally wondered whether the DoD's security people have
> studied this problem, and if so, how widely the defenses against it
> have been put in place. Given the fact that they are using MS
> systems, I'd guess that the people who understand such issues are not
> listened to by the decision makers.

DoD has always relied on physical security in preference to electronic security such as cryptography. This is due, in large part, to the fact that DoD has a large workforce of low paid men who are trained to shoot guns. It's also due to the ever-present maxim of military command: "Everyone is replaceable". DoD is likely to favor the software with the widest knowledge base among recruits, ergo M$.

I hadn't known that MITRE was being circumspect with this report: in comparison to other documents I've seen, this one is practically seditious. To say, *in the Executive Summary*, that FOSS should be not only approved for use, but fast tracked in major ways, seems like a micro-revolution in the ranks.

Bill