Free Republic

To: ikka
Let's face it, you just made a moronic statement.

No, actually it is of great concern. Not sure how much you know about what is known as "open source" software, but its name is exactly what it is, open source code, i.e. the pre-binary condition of software in normal text format.

Linux is a member of the "open source" family, and because of that, the entire interworkings of its internal mechanisms are freely published on websites around the world.

That makes for a very poor security model, and the secrecy of anything, especially as needed in Government or DoD environments, is depending on how "classified" you keep the material.

What this means in total is the source code parent of the software running at least the public White House website is now freely available throughout the world for potential exploit, a very bothersome issue to some that work in the field of computer security.

26 posted on 07/25/2003 9:01:14 PM PDT by Golden Eagle


To: Golden Eagle
That makes for a very poor security model, and the secrecy of anything, especially as needed in Government or DoD environments, is depending on how "classified" you keep the material.
What this means in total is the source code parent of the software running at least the public White House website is now freely available throughout the world for potential exploit, a very bothersome issue to some that work in the field of computer security.

Actually, people who work in the field of security usually assume that the attacker knows the full details of how the system works. "Security through obscurity" is a bad idea. The idea is even if someone knows the entire mechanism or procedure, that they still cannot break it due to its safeguards.

Further, that the code is published means that everyone is free to audit it, including the NSA (which produced its own set of patches for Linux and ended up doing their own Linux distribution and made it freely available).

If the WH were using Windows XP, they would not have the ability to view the source code, and under US law could not decompile it to assure themselves it was working correctly.

37 posted on 07/25/2003 9:22:25 PM PDT by ikka

To: Golden Eagle
It also means that there are thousands of programmers who look at the source code and can therefore spot a security hole or fix one that has recently been exploited. Hackers can find holes whether or not they have the source, anyway, they're used to stuff like that. However, you can only fix a hole if you have the source.
38 posted on 07/25/2003 9:23:59 PM PDT by Luke-Jr (Gentoo Linux Developer)

To: Golden Eagle
I thought Linux was based on Unix Tech. Wasn't Unix developed by the Bells?

And...I thought the developers had an option of posting open source software. I didn't think that meant your personal files/data/et al.
46 posted on 07/25/2003 9:31:52 PM PDT by Calpernia (Runs with scissors.....)

To: Golden Eagle
What this means in total is the source code parent of the software running at least the public White House website is now freely available throughout the world for potential exploit, a very bothersome issue to some that work in the field of computer security.

This is a false statement. Compiled code can be easily disassembled or traced with a debugger.

65 posted on 07/25/2003 11:04:14 PM PDT by grunt03

To: Golden Eagle
That makes for a very poor security model

You have it exactly 180° backwards. At the SANS Institute courses and seminars, the instructors stress that open source has extremely STRONG advantages over closed source security-wise, and they gave multiple examples where that was the case in the area of cryptography.

In order for a cryptographic algorithm to be accepted, it MUST be open source, and there are prizes offered to whoever can detect flaws in it and break it. The actual code that breaks the algorithm MUST be published as well...

124 posted on 07/26/2003 9:05:31 AM PDT by chilepepper (new and improved tag line under construction)

To: Golden Eagle
Opensource software components (not necessarily Linux) are used extensively throughout DoD, and generally haven't been susceptible to the type of exploitation you talk about.

In fact it's an urban myth, probably propagated by proprietary software vendors.

There are many layers of security involved in any system that would process national security sensitive data, beyond anything built into the operating system itself.

Bottom line is that both opensource and proprietary are equally vulnerable, the question as to whether they are exploitable has to be considered by looking at the system as a whole (as well as the competence of the folks running said system).
140 posted on 07/26/2003 11:12:17 AM PDT by mikenola

To: Golden Eagle
Linux is a member of the "open source" family, and because of that, the entire interworkings of its internal mechanisms are freely published on websites around the world. That makes for a very poor security model, and the secrecy of anything, especially as needed in Government or DoD environments, is depending on how "classified" you keep the material.

1st of all, that ain't exactly correct. For example, the algorithm for Rijndael is published publicly, and you can download source code versions to create your own implementation. Yet Rijndael (usually pronounced "Rhine Dahl" or "Rain Doll") is now the official Advanced Encryption Standard of the United States, having replaced the previous standard, DES or triple-DES.

Rijndael uses a 256 bit key, whereas DES used a 168 bit key. Go here for a C++ implementation of Rijndael. Go here for a bunch of Rijndael info, including other programming language implementations.

You are basically making an argument for "security by obscurity". I won't say that the argument is invalid, but I will say that many security experts do not agree with it. Now you may disagree with them but your opinion is not a consensus opinion even in the security field.

153 posted on 07/26/2003 3:39:59 PM PDT by dark_lord (The Statue of Liberty now holds a baseball bat and she's yelling 'You want a piece of me?')
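The principle ikka and dark_lord describe above (a design that stays safe when fully known, because the only secret is a key) shown in code, as an added example that is not part of any post in this thread. The keyless scheme, its constant and the sample message are constructed for illustration; HMAC-SHA256 from Python's standard library stands in for a published design.

```python
import hashlib
import hmac
import secrets

# Constructed constant: stands in for a "secret design" baked into a program.
HIDDEN_SUFFIX = b"constructed-hidden-constant"

def obscure_tag(msg: bytes) -> bytes:
    """Keyless scheme: safe only while nobody learns this function body."""
    return hashlib.sha256(msg[::-1] + HIDDEN_SUFFIX).digest()

def open_tag(key: bytes, msg: bytes) -> bytes:
    """Published design (HMAC-SHA256): the only secret is the key."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def verify_obscure(msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(obscure_tag(msg), tag)

def verify_open(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(open_tag(key, msg), tag)

def demo() -> dict:
    msg = b"status=ok"                 # constructed sample message
    key = secrets.token_bytes(32)      # the defender's secret key
    # Model used in the thread: the other party knows the whole mechanism
    # (from source, or from a disassembly of the binary) but holds no key.
    forged_obscure = obscure_tag(msg)                     # nothing left to guess
    forged_open = open_tag(secrets.token_bytes(32), msg)  # must guess a key
    # Recovery: a leaked key is replaced; a leaked design cannot be rotated.
    old_tag = open_tag(key, msg)
    new_key = secrets.token_bytes(32)
    return {
        "obscure_forgery_accepted": verify_obscure(msg, forged_obscure),
        "open_forgery_accepted": verify_open(key, msg, forged_open),
        "legit_open_tag_accepted": verify_open(key, msg, old_tag),
        "old_tag_valid_after_rotation": verify_open(new_key, msg, old_tag),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
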



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson