Further, that the code is published means that everyone is free to audit it, including the NSA (which produced its own set of patches for Linux and ended up doing their own Linux distribution and made it freely available).
If the WH were using Windows XP, they would not have the ability to view the source code, and under US law could not decompile it to assure themselves it was working correctly.
Your entire post is basically incorrect.
You say "security through obscurity is a bad idea." No it's not, it the basis of the entire "classification" system of the US Government. I know because I have worked there.
You bring up the NSA Linux, but failed to provide the hyperlink. As soon as you provide it, I will use, cut copy and paste right from it and post back on here where it says it is NOT a security solution for Linux.
The White House very well could request to review the source of XP, which they may or may not have done. If I had to guess, and based on some of what I do know about interoperation, they probably already do have at least access to it whether they ever explicitly asked for it or not.
You could lay out every single security system used at Fort Knox and let people download the blueprints over the Net, and Fort Knox would be no less secure than it is today. Fort Knox's location is known to anyone who cares to look at a map.
Security through obscurity would posit that Fort Knox' location would not be generally known, and depend on that to provide protection.
If the person in charge of security at Fort Knox or anywhere else does not assume that an attacker already knows every routine and alarm system, and have a plan to still be secure, he is derelict in his duty and should be removed.
I get the feeling we are talking at cross purposes because the term "security through obscurity" means a specific thing when talking about computer security, and you are thinking of some other situation involving obscurity.
Further, that the code is published means that everyone is free to audit it, including the NSA (which produced its own set of patches for Linux and ended up doing their own Linux distribution and made it freely available).
If the WH were using Windows XP, they would not have the ability to view the source code, and under US law could not decompile it to assure themselves it was working correctly.
Your entire post is basically incorrect.
Actually, the bulk of it is right on the money.
You say "security through obscurity is a bad idea." No it's not, it the basis of the entire "classification" system of the US Government. I know because I have worked there.
The "security through obscurity" idea is deeply flawed, and the example you cite relies only marginally on StO practices in that certain data is kept classified and certain terms are deemed classified entirely or when used in concert with other terms. However, the means of keeping it classified is not via StO practices but thoroughly reviewed and openly-tested means of security.
Bottom line: Security through Obscurity Isn't. If it was, then Microsoft wouldn't be leading the pack in terms of having the most worm- and trojan-friendly OS and applications out there. As it stands, it does...even though its product is closed-source.
You bring up the NSA Linux, but failed to provide the hyperlink.
Haven't we had this discussion before? I know I provided you a link then, but I'll provide it again.
As soon as you provide it, I will use, cut copy and paste right from it and post back on here where it says it is NOT a security solution for Linux.
To quote from the site:
This work is not intended as a complete security solution for Linux. Security-enhanced Linux is not an attempt to correct any flaws that may currently exist in Linux. Instead, it is simply an example of how mandatory access controls that can confine the actions of any process, including a superuser process, can be added into Linux.
Essentially it provides a version of Linux that possesses mandatory access control (a system-wide chrooted jail if you will) for all processes and files (since UNIX treats everything as a file, this is actually quite important).
Sure, it's not the be-all/end-all of security solutions, but it's a far cry better than what Microsoft has to offer. Hell, that OS coughs up system-wide control at the drop of a hat.
The White House very well could request to review the source of XP, which they may or may not have done.
What would be the point? So the White House could direct its tech professionals to strip the Windows OS down to the point that it no longer resembles the XP with which the rest of the populace has to suffer? Besides, Microsoft itself has already admitted to fundamental flaws in its code base that spans all versions of Windows. The flaws are so fundamental that Microsoft itself has stated that they cannot fix them.
Doesn't exactly leave me with a sense of confidence in Microsoft's closed-source "security"...
-Jay