Welcome!

Linux Containers Authors: Liz McMillan, Elizabeth White, Zakia Bouachraoui, Pat Romanski, Stefana Muller

Related Topics: Linux Containers

Linux Containers: Article

"Foreign Powers Will Deploy Spies to Infiltrate Linux," Argues O'Dowd

"Foreign Powers Will Deploy Spies to Infiltrate Linux," Argues O'Dowd

  • Read "Subversive Software" - O'Dowd's Linux Security Controversy Continues

    Dan O'Dowd is back. Today he issued his second white paper in a series that his company Green Hills Software describes as being focused on "the urgent security threat posed by the use of the Linux operating system in U.S. defense systems, including the Future Combat System and Global Information Grid."

    Provocatively titled "'Many Eyes' - No Assurance Against Many Spies," today's paper debunks the fallacy that the "many eyes" with access to Linux source code ensure that it is free of Trojan horses or other malicious software.

    Here is O'Dowd's argument:

    "Now that foreign intelligence services and terrorists know that we plan to trust Linux to run some of our most advanced defense systems, we must expect them to deploy spies to infiltrate Linux. The risk is particularly acute since many Linux contributors are based in countries from which the U.S. would never purchase commercial defense software. Some Linux providers even outsource their development to China and Russia."

    What O'Dowd believes is that the assumption that Linux is "safe" is based on what he calls "the dangerous misconception that the so-called 'many eyes' looking at Linux source code will find any malicious bugs hidden in Linux by foreign intelligence agents or terrorists."

    "This misconception is based on the silly assumption that looking at source code is an effective way of finding bugs," he continues.

    It is this 'many eyes' doctrine that he seeks to debunk:

    "Hundreds of bugs that attackers can exploit to penetrate Linux security are identified every year. Many of these critical security bugs have been in the code for years without being detected by the 'many eyes' looking at the source code. How can anyone believe that the open source process can eradicate all of the cleverly hidden intentional bugs put in by foreign intelligence agents and terrorists when the process can't find thousands of unintentional bugs left lying around in the source code?"

    Then, just as he did last week, O'Dowd contrasts the vulnerability (as he sees it) of Linux, with the designed-in security of his own company's products - 12 years old, his company specializes in real-time operating systems and software development tools for 32- and 64-bit embedded systems.

    "Many people," he declares, "believe that it is impossible for any operating system to have no known bugs in security-critical code, implying that no operating system is really secure. But that is not true. There are no outstanding bugs in our DO-178B Level A certified INTEGRITY-178B real-time operating system. This is the true reliability and security that our national defense systems need."

    Anyone who wants to take a look at O'Dowd's white paper first hand will see that it reviews mechanisms that O'Dowd believes can be used to infiltrate and compromise Linux and its source code. He also explains why he believes malicious code can easily escape detection.

    O'Dowd isn't done yet. Next week will come paper no. 3: "Linux Security: Unfit for Retrofit."

    Surely rebuttal arguments are not beyond the community's collective energies and ability? LinuxWorld invites informed discussion of the two white papers so far.

  • More Stories By Linux News Desk

    SYS-CON's Linux News Desk gathers stories, analysis, and information from around the Linux world and synthesizes them into an easy to digest format for IT/IS managers and other business decision-makers.

    Comments (16)

    Share your thoughts on this story.

    Add your comment
    You must be signed in to add a comment. Sign-in | Register

    In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


    IoT & Smart Cities Stories
    The platform combines the strengths of Singtel's extensive, intelligent network capabilities with Microsoft's cloud expertise to create a unique solution that sets new standards for IoT applications," said Mr Diomedes Kastanis, Head of IoT at Singtel. "Our solution provides speed, transparency and flexibility, paving the way for a more pervasive use of IoT to accelerate enterprises' digitalisation efforts. AI-powered intelligent connectivity over Microsoft Azure will be the fastest connected pat...
    There are many examples of disruption in consumer space – Uber disrupting the cab industry, Airbnb disrupting the hospitality industry and so on; but have you wondered who is disrupting support and operations? AISERA helps make businesses and customers successful by offering consumer-like user experience for support and operations. We have built the world’s first AI-driven IT / HR / Cloud / Customer Support and Operations solution.
    Codete accelerates their clients growth through technological expertise and experience. Codite team works with organizations to meet the challenges that digitalization presents. Their clients include digital start-ups as well as established enterprises in the IT industry. To stay competitive in a highly innovative IT industry, strong R&D departments and bold spin-off initiatives is a must. Codete Data Science and Software Architects teams help corporate clients to stay up to date with the mod...
    At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
    Druva is the global leader in Cloud Data Protection and Management, delivering the industry's first data management-as-a-service solution that aggregates data from endpoints, servers and cloud applications and leverages the public cloud to offer a single pane of glass to enable data protection, governance and intelligence-dramatically increasing the availability and visibility of business critical information, while reducing the risk, cost and complexity of managing and protecting it. Druva's...
    BMC has unmatched experience in IT management, supporting 92 of the Forbes Global 100, and earning recognition as an ITSM Gartner Magic Quadrant Leader for five years running. Our solutions offer speed, agility, and efficiency to tackle business challenges in the areas of service management, automation, operations, and the mainframe.
    The Jevons Paradox suggests that when technological advances increase efficiency of a resource, it results in an overall increase in consumption. Writing on the increased use of coal as a result of technological improvements, 19th-century economist William Stanley Jevons found that these improvements led to the development of new ways to utilize coal. In his session at 19th Cloud Expo, Mark Thiele, Chief Strategy Officer for Apcera, compared the Jevons Paradox to modern-day enterprise IT, examin...
    With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors! In this blog post, we provide 7 tips on how, as part of our world-class faculty, you can deliver one of the most popular sessions at our events. But before reading...
    DSR is a supplier of project management, consultancy services and IT solutions that increase effectiveness of a company's operations in the production sector. The company combines in-depth knowledge of international companies with expert knowledge utilising IT tools that support manufacturing and distribution processes. DSR ensures optimization and integration of internal processes which is necessary for companies to grow rapidly. The rapid growth is possible thanks, to specialized services an...
    At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...