Intrinsic vulnerability of Linux?
An interesting paper by Dan O’Dowd argues that objections to his assertion that Linux is unsafe for defense systems were based on (i) “dangerous misconceptions that it is equally easy for foreign intelligence agents or terrorists to infiltrate malicious code into any operating system” and (ii) “that the many eyes looking at the Linux source code will find any malicious code infiltrated into Linux”. In part, O’Dowd relies on the fact that UNIX co-author Ken Thompson showed many years ago that an open-source process couldn’t find clever subversions, no matter how many people, of whatever competence, looked at the source code. O’Dowd also claims that the embedded Linux system sold by his company is not vulnerable in this way. He may be right (I hope he is), but embedded systems are of limited applicability.