Linux source code could be infiltrated by dubious elements, including spies, according to a white paper released by Dan O'Dowd, chief executive officer of Green Hills Software Inc.
This is his second white paper in a series that his company describes as being focused on "the urgent security threat posed by the use of the Linux operating system in U.S. defense systems, including the Future Combat System and Global Information Grid."
Provocatively titled "'Many Eyes' - No Assurance Against Many Spies," Tuesday's paper debunks the fallacy that the "many eyes" with access to Linux source code ensure that it is free of Trojan horses or other malicious software.
Here is O'Dowd's argument:
"Now that foreign intelligence services and terrorists know that we plan to trust Linux to run some of our most advanced defense systems, we must expect them to deploy spies to infiltrate Linux. The risk is particularly acute since many Linux contributors are based in countries from which the U.S. would never purchase commercial defense software. Some Linux providers even outsource their development to China and Russia."
What O'Dowd believes is that the assumption that Linux is "safe" is based on what he calls "the dangerous misconception that the so-called 'many eyes' looking at Linux source code will find any malicious bugs hidden in Linux by foreign intelligence agents or terrorists."
"This misconception is based on the silly assumption that looking at source code is an effective way of finding bugs," he continues.
It is this 'many eyes' doctrine that he seeks to debunk:
"Hundreds of bugs that attackers can exploit to penetrate Linux security are identified every year. Many of these critical security bugs have been in the code for years without being detected by the 'many eyes' looking at the source code. How can anyone believe that the open source process can eradicate all of the cleverly hidden intentional bugs put in by foreign intelligence agents and terrorists when the process can't find thousands of unintentional bugs left lying around in the source code?"
Then, just as he did last week, O'Dowd contrasts the vulnerability (as he sees it) of Linux, with the designed-in security of his own company's products - 12 years old, his company specializes in real-time operating systems and software development tools for 32- and 64-bit embedded systems.
"Many people," he declares, "believe that it is impossible for any operating system to have no known bugs in security-critical code, implying that no operating system is really secure. But that is not true. There are no outstanding bugs in our DO-178B Level A certified INTEGRITY-178B real-time operating system. This is the true reliability and security that our national defense systems need."
Anyone who wants to take a look at O'Dowd's white paper first hand will see that it reviews mechanisms that O'Dowd believes can be used to infiltrate and compromise Linux and its source code. He also explains why he believes malicious code can easily escape detection.
O'Dowd isn't done yet. Next week will come paper no. 3: "Linux Security: Unfit for Retrofit."
Surely rebuttal arguments are not beyond the community's collective energies and ability? LinuxWorld invites informed discussion of the two white papers so far.
The whitepaper is available at http://www.ghs.com/linux/manyeyes.html.