Gosh, we're all being just a tad xenophobic, aren't we?

I understand Mr. O'Dowd's motivation ($$) for bashing offshore development. The truth is that none of the OS software is developed entirely in the USA, and programmers in countries like Russia and India produce some excellent code at a much lower cost. All of it has to be reviewed (even M$) before it is used anyway. Everyone seems to be judging these other countries based on national bias rather than facts. Where have most of the various viruses, worms, trojan horses, etc that we've been subjected to over the last few years originate? (Hint: Made in USA). Get a grip, folks.

Well, as Linux is sh*t anyway its all true?

Smithy: if the US was so good about security, there would never have been any mole at the CIA. If somebody wants to infiltrate badly enough, they will do it. It's that simple.
The only way around it is to have enough dependable people reviewing the code. That way, if one is bought out, (s)he still won't be able to inflict any harm. That's called separation of duty.
Let me repeat this: No matter who writes the code, backdoors can be added without the right review process in place. Btw, where can you review the OS and recompile it yourself??? (besides OSS)?

First the ultra paranoid should go for OSS as atleast then they get to see the source code themselves. Second, not computer system is 100% secure. The only ones that are are not turned on and are not connected to the network.

If the military is really worried about what they are getting they'd higher a team of computer and sofware engineers that would rival M$ and design their own or atleast demand the source code that they can inspect and modify if need be and then compile it themselves. Which they can do with OSS.

MY GAWD, MY GAWD. It's a placeholder -- this zany idea of ZERO -- but it came from NON-WHITE PEOPLE!!!! IT MUST BE IGNORED! We must not incorporate it into mathematics!

Smithy: No, that was not what I was trying to say. I'm saying that no matter where software comes from, it must be checked if it going to be used in a very secure enviroment.
And noone said the US should just use "that clearly evil piece of software in critical American defence systems".
I'm saying that you can not automatically say that if software comes from the US it is all good and secure, and if it comes from outside the US, then it is bad.
But maybe this statement shows how you really feel:
"If the Europeans think its so great, let the dopey French and German weasels use Linux in their critical defence systems." Dopey French and German weasels... I'm from Denmark, could be fun to see what you would say about the danes.
But back on topic: I think that if the US government really wants to be secure, they need to write their own software.. and then double check it.

Without objective criteria, this discussion of "security" all just a bunch of fluff. I believe the government still uses orange book standards that specify the level of security needed, and in turn, the orange book codes "B2", "C1", etc. specify the standards for creation of the code. If Linux fits the standard then it must be OK.

I posted this a while ago against one of O'Dowd's earlier ramblings, but it seems to fit better here....

Where is most US commercial software being coded? China, India, Indonesia, The Phillipines, or anywhere else that labour is 40 cents a day (remember, it's all about profits and "maximizing shareholder value"). Al Qaeda or similar organizations wouldn't have operatives working in any of those countries, would they?. Surely where are no anti-American groups there....

Wake up! This isn't about software security, it's all about the almighty dollar. God bless America, where doing business means you get to do whatever is necessary to fill your pockets and protect your piece of the pie, and damn the truth or social responsibility.

Seriously, it's hard to believe the word or opinion of anyone who is an interested party, and it's in Mr O'Dowd's best interest to do everything he can to stop competition from taking away his business.

Tazor : "Do the US government trust software from any non-open source company? I hope not"
What you seem to be implying is that the fact that there is a possibility, no matter how remote, of some foreign agent "planting a backdoor" in non-open source software, means the US should basically just give up and take Linux software written in China, Russia, South Korea, Iran or even by Al Quaeda operatives and just use that clearly evil piece of software in critical American defence systems.
No way Jose.
Linux and other open source software is clearly a very big theat to American security.
If the Europeans think its so great, let the dopey French and German weasels use Linux in their critical defence systems. Thats their problem.
We in America refuse to hand over our national sucurity to software written by evil Al Quaeda operatives!!

How hard is it for "foreign intelligence and military services with enormous resources" to education a spy to code, send him to the US, get him to work for a software company and plant a backdoor? Do the US government trust software from any non-open source company? I hope not. I do not live in the US but i really hope that US government look into the code they are recieving, from any source. Can Dan O'Dowd really say that none of this employees are spies? Spies are good at hiding their real occupation, that is what makes them spies.
I think the US government (and other goverments) needs to be a little paranoia. Just because you are paranoia, doesn't mean that they are not out to get you.

Actually, the NSA link doesn't claim that Linux is pretty damn secure: "There is still much work needed to develop a complete security solution." But then again I can't recall anyone ever saying that Linux was a mission critical OS. Is anyone running their nuclear power plant's control systems on Linux boxes? Linux is nice but its not the answer to everything...

The NSA seems to think that Linux can be made pretty damn secure.
If they have faith in it....

Annonymous anything is annoying to the military. They need to be able to trust who and what they're dealing with. They want to be friendly with the Iraqis in the street as much as possible, but when they can't tell the difference between a needy kid and a suicide bomber, they end up treating every kid they see as a bomber until they know therwise... So, the issue of "Can we trust this?" is a big one here. OSS might be trustworthy enough for my desk, but the military has higher standards.

OSS isn't some sort of unstoppable secure force. Check out LinuxSecurity's security advisories for weekly Linux distro security advisories--all the buffer overflows and exploits you thought only Windows had. And let's not forget the hacking of GNOME, Debian, Gentoo, and GNU (twice!).

O'Dowd's Russian/Chinese BS is just that and you know it. It never fails to please the crowd by blaming China or Russia. I thought only the lame election year politicians know it.

With all the off-shoring of work that large companies like Microsoft, HP and IBM do there is at least a perception on their part that when selling to the DoD that they should downplay the fact that foreign nationals, in foreign countries, not only have read access to the source code for the OSes (NT/XP/HPUX/AIX) that most DoD contractors don't have themselves, but that these same foreign nationals also, in many cases have write access to that source code too. Whether most DoD contractors care, I don't know, but like I said, the vendors often remind their customer interaction people to gloss over those kind of details.

RTOS has some inherent reliability advantages. Any RTOS is going to tend to have a more deterministic event queue than Linux by definition of what you mean by REAL TIME. Thus to a certain extent testing harnessess can more exhaustively evaluate race conditions and much of the finite states you expect the system to progress through. For embedded systems and mission critical appliances this ought to give better reliability.

This is not to say a Real Time Operating Systems can't be badly written or contain bugs. Its just that determininsm makes testing easier. It also does not mean a RTOS is more efficient than Linux.

Same old same old. back in April he was spouting "Everyday new code is added to Linux in Russia, China and elsewhere throughout the world. Everyday that code is incorporated into our command, control, communications and weapons systems. This must stop." ...

Cmon he has a vested interest... His own company puts out it's own RTOS. Go to that link. Now. Read the TOP of the middle column "Real-Time Operating Systems Must be Highly Reliable"

This is FUD and he does have a vested interest.