That was me. The policy is that the OS must be open source as well as
any communication or encryption software. The reasoning behind that is
this: Data security can be compromised by a bugged or trojaned op sys.
Data that is transmitted can be compromised by a bugged or trojaned
communication or encryption program. If you have the source code to
audit, and particularly, if you compile the op sys or program from the
source code, checking the hash of the code against a trusted figure, you
most likely have a foundation for a secure system. The rest involves
configuration, keeping the apps and kernel updated, etc.
Smitty
Seth wrote:
>
> I just helped a friend's small company put in a linux file server. We really
> weighed win 2000 server vs. linux
> We went with Linux for 2 reasons, cost and security
> money is tight w/ his company right now, and what was expensive were the
> client access licenses (CALS). (it really annoyed me to have to pay money for
> one computer to talk to another)
> as for security my friend is a little paranoid about security and does read
> the tech news and sees the MS security holes posted every day. He really liked
> it when I explained to him that open source software gets tested more and
> when a hole is found a fix is available almost immediately, or you can fix it
> yourself (wish I was that smart)
>
> BTW I remember someone on the list saying their company encourages open
> source software and demands it for anything security related, who was that?
> they had a great explanation of why they did it that way.
> --
>
> Seth
> seth@hollen.org
>
> Lottery: The excitement of bad math.
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:06:39 EDT