The document discusses open source software and security. It notes that while publicly available source code could help malicious actors find vulnerabilities, open source may also increase security through transparency and many eyes reviewing the code. Studies have found Linux source code to have significantly fewer bugs than closed source commercial software. The document also discusses how transparency, interoperability, and avoiding vendor lock-in have driven many governments to adopt open source solutions for national security and accessibility reasons.
11. #1 org to keep secrets releases their blueprints?
12. "Let me assure you that this action by the NSA was the crypto-equivalent of the Pope coming down off the balcony in Rome, working the crowd with a few loaves of bread and some fish, and then inviting everyone to come over to his place to watch the soccer game and have a few beers" --Larry Loeb. Source: http://www.ibm.com/developerworks/library/s-selinux/?n-s-381
14. Why did the most security conscious agency in the US do this?
15. "The Information Assurance Research Group of the NSA is responsible for carrying out the research and advanced development of technologies needed to enable NSA to provide the solutions, products, and services to achieve Information Assurance for information infrastructures critical to U.S. National Security interests." Source: http://www.nsa.gov/selinux/info/faq.cfm
22. "Given enough eyeballs, all bugs are shallow" - Eric S. Raymond
23. English translation: Because many people are constantly looking at the source code, and because anyone can improve it (e.g., by reporting or fixing bugs), it is less likely to contain many bugs.
25. A four-year study released by Coverity reports Linux has a low bug count, making the code more stable and secure. The 2.6 Linux production kernel, now being shipped with software from Novell and other Linux vendors, contains 985 bugs in 5.7 million lines of code, far below the industry average, said Seth Hallem, Coverity's CEO. Source: http://www.internetnews.com/dev-news/article.php/3448001
26. Commercial software contains 20 to 30 bugs for every thousand lines of code, according to Carnegie Mellon University's CyLab Sustainable Computing Consortium. That is equivalent to 114,000 to 171,000 bugs in 5.7 million lines of code.
28. Defect density declined by 2.2 percent as the total lines of code in the Linux kernel continues to grow from 5.76 million in December 2004 to 6.03 million in July 2005, which represents a 4.7 percent increase. "Although the size of the Linux kernel increased over the six-month study, we noticed a significant decrease in the number of potentially serious defects in the core Linux kernel," said Seth Hallem, CEO of Coverity, in a statement.
49. Some Chinese officials are convinced that having an American government dominate the market compromises national security. Secret security flaws in Windows can be used to access Chinese networks. Officials like to state the discovery of the NSA key in Windows as proof that Microsoft is working with the US government on intelligence issues. Source: http://www.g4tv.com/screensavers/features/39528/China_The_Republic_of_Linux.html
50. "Officials like to state the discovery of the NSA key in Windows as proof that Microsoft is working with the US government on intelligence issues?"
52. Kraft points to an ongoing public battle between the Commonwealth of Massachusetts and Microsoft. The state is trying to pass legislation that would have the state adopt an open source document policy by January 2007 in order to better protect the accessibility of its digital documents. Source: http://searchopensource.techtarget.com/originalContent/0,289142,sid39_gci1180306,00.html
53. The state is arguing that if Microsoft or another closed source software vendor ceased to support older versions of its platforms, thousands of the state's archived documents could be rendered useless.
54. Imagine, during an emergency or after a disaster, governmental organizations not being able to work effectively because they relied on a closed document format.
57. A computer virus, like a biological virus, must have a reproduction rate that exceeds its death (eradication) rate in order to spread. If the reproduction rate falls below the threshold necessary to replace the existing population, the virus is doomed from the beginning.
58. The reason that we have not seen a real Linux virus epidemic in the wild is simply that none of the existing Linux viruses can thrive in the hostile environment that Linux provides. The Linux viruses that exist today are nothing more than technical curiosities; the reality is that there is no viable Linux virus. Source: http://librenix.com/?inode=21