Free Republic

To: Poohbah
Then there's no way they can manage a Microsoft shop, either.

But they have a lot more control over these projects, like security clearances for those working on them.

This is different from SE Linux.

Yes, as I said it would have to be, but do you have any proof this is actually happening?

Then Microsoft Windows should be the most secure OS on the planet. (Chortle. Snicker.)

That's quite a reach. How about addressing your previous statement that the supposed NSA code would be more secure if it was restricted, which I inquired about?

I'm pointing out that closed-source does NOT do a thing to make a system more secure in reality. Either a system is secure, or it isn't.

I'm aware of your point, but it is incorrect. "Classification" of government information is a science of procedures whereby information is kept secret to reduce exposure and eventual duplication. Things like the security system of the US Capitol would not be more secure if it was posted on the internet; likewise, withholding immediate access to source code is a deterrent to its theft or exploitation.

BTW, I am an MCSE.

That's interesting, surprised you don't know more about M$/Government interaction. There are places in the government (not where I work) where "windows update" is the official policy. Those places get every patch before a hack has been posted, and rarely if ever get exploited whatsoever. Yes they expose themselves to possibly poorly designed patches, or adverse effects to applications, but where security is a high priority this setup can work well.

58 posted on 09/04/2003 7:13:49 PM PDT by Golden Eagle
[ To 53 ]


To: Golden Eagle
But they have a lot more control over these projects, like security clearances for those working on them.

They can have those with people working on Linux derivatives. But if you're telling me that they can't implement a proprietary flavor of Linux across their enterprise without serious problems, then you're telling me that they cannot possibly manage a Microsoft enterprise architecture, because Microsoft keeps admins extremely busy.

That's quite a reach. How about addressing your previous statement that the supposed NSA code would be more secure if it was restricted, which I inquired about?

I didn't say that the NSA B1 Linux would be more secure; it would be extremely secure either way. The point is that if the NSA keeps the source closed, then that system can't be used outside of the US government, and that means that OTHER organizations will not be able to acquire it.

I'm aware of your point, but it is incorrect.

Actually, it isn't.

"Classification" of government information is a science of procedures whereby information is kept secret to reduce exposure and eventual duplication.

And Microsoft source code is FAR less accessible than most US government classified information.

But it still has massive security holes that get exploited on a nauseatingly regular basis.

Things like the security system of the US Capitol would not be more secure if it was posted on the internet; likewise, withholding immediate access to source code is a deterrent to its theft or exploitation.

One more time: Microsoft's source code is not available to the people who write things like Blaster.

But the stuff works. "Security through obscurity" is a very bad joke.

That's interesting, surprised you don't know more about M$/Government interaction.

I probably know a great deal more than you actually do.

There are places in the government (not where I work) where "windows update" is the official policy. Those places get every patch before a hack has been posted, and rarely if ever get exploited whatsoever.

Actually, what happens is that when the first symptoms of attack appear, they close every port into and out of the network, and pretty much cripple their operations until they're sure they've patched the vulnerability.

Yes they expose themselves to possibly poorly designed patches, or adverse effects to applications, but where security is a high priority this setup can work well.

Assuming that Microsoft does a competent job. Big assumption.

And a poorly-designed patch can break other software, as you note. You do NOT want your network admin to clobber the CIWS or the RAM launcher with a routine update, especially when you're toe-to-toe with the bad guys.

62 posted on 09/04/2003 7:30:28 PM PDT by Poohbah (Crush your enemies, see them driven before you, and hear the lamentations of their women.)
[ To 58 ]

To: Golden Eagle
There are places in the government (not where I work) where "windows update" is the official policy. Those places get every patch before a hack has been posted, and rarely if ever get exploited whatsoever. Yes they expose themselves to possibly poorly designed patches, or adverse effects to applications, but where security is a high priority this setup can work well.

Only for unimportant applications where you can actually risk losing your server, or even take the time to reboot your server once a week for that matter. I run Windows Update on my desktop about once a week (or right away if I hear of a new vulnerability), but that is fine because it is only my desktop. If our servers were bounced more than once or twice a year for any reason the sysadmin would be fired, and anything necessitating patching the kernel better be rare indeed. Much better to use a more securable and less bug-prone operating system and not have to worry about downtime. Which could be a lot of operating systems, but it isn't Windows.

76 posted on 09/04/2003 8:05:15 PM PDT by tortoise (All these moments lost in time, like tears in the rain.)
[ To 58 ]
