April 13, 2004

Green Hills sparks embedded Linux security row

Embedded systems vendor Green Hills Software Inc has sparked controversy by claiming that embedded Linux is unsuitable for use in US defense systems because it is open to contributions from the open source community at large.

By CBR Staff Writer

The Santa Barbara, California-based company’s CEO, Dan O’Dowd, claimed that the open source development model leaves Linux open to compromise by terrorists but his comments have been dismissed as FUD, inaccurate and factually challenged by embedded Linux experts.

In a speech to the Net-Centric Operations Industry Forum, O’Dowd said: “The very nature of the open source process should rule Linux out of defense applications. The open source process violates every principle of security. It welcomes everyone to contribute to Linux.

“Now that foreign intelligence agencies and terrorists know that Linux is going to control our most advanced defense systems, they can use fake identities to contribute subversive software that will soon be incorporated into our most advanced defense systems,” he continued.

O’Dowd singled out developers in Russia and China for attention, and compared allowing Linux into US defense systems to a Trojan horse. “If Linux is compromised, our defenses could be disabled, spied on or commandeered. Every day new code is added to Linux in Russia, China and elsewhere throughout the world. Every day that code is incorporated into our command, control, communications and weapons systems. This must stop,” he said.

His comments drew scorn from embedded Linux specialists LynuxWorks Inc and FSMLabs Inc. In a statement to the Groklaw open source research site, Inder Singh, CEO of LynuxWorks, said: “The shrill broadside of FUD by Dan O’Dowd against the use of Linux in defense systems is in my view just a reflection of the pain that vendors of proprietary systems with closed interfaces are experiencing as the embedded world moves towards Linux.”

He continued: “The release is full of inaccurate statements and wild generalizations. Mr O’Dowd would have us believe that every foreign developer working with Linux is a spy or terrorist, contributing subversive software to the Linux sources, and that their contributions are automatically included in Linux by Linus Torvalds and the Linux kernel team without any scrutiny.”

O’Dowd supported his claims by drawing attention to back-door code included in binary Unix code by its original developer Ken Thompson. This prompted Victor Yodaiken, CEO of FSMLabs, to say: “Mr O’Dowd has presented a very peculiar take on the famous Turing award lecture by Thompson. One lesson that can be drawn from Thompson’s lecture is that the security of software cannot be separated from the trustworthiness of the vendor. A Linux company that develops software globally and that stresses integrity, solid engineering methods and organizational processes to assure quality and security should inspire some trust. A company that depends on factually challenged and emotional appeals to fear of foreigners should inspire some caution.”

O’Dowd’s comments come as the embedded systems market appears to have accepted Linux as an alternative embedded operating system. One of the largest and last opponents of embedded Linux, Wind River Systems Inc, finally adopted Linux via a joint development agreement with Red Hat Inc in February.

O’Dowd’s comments also echo those made in January by Darl McBride, CEO of SCO Group Inc. “I assert that open source software – available widely through the internet – has the potential to provide our nation’s enemies or potential enemies with computing capabilities that are restricted by US law,” he wrote in a letter to US senators and representatives as part of the Unix vendor’s long-running legal campaign against Linux.

McBride’s comments were dismissed by Ed Black, president and CEO of the Open Source And Industry Alliance, as excessive hyperbole.

This article is based on material originally published by ComputerWire
