Quote:
Originally Posted by e1-531g
For most use cases (Threat model) Gnu/Linux is reasonably secure if someone doesn't do stupid things and update it frequently.
|
The same could be said for any OS. That's not actually the issue being discussed anyway and adds nothing meaningful.
In case you missed it:
Quote:
|
So it’s really hard to have people go over it; we have to rely on automated testing and on tools. There are too many lines in too many obscure places for humans to really check.
|
This is tantamount to saying - we can't audit it because there's too much of it. If it's not then what is it? If it can't be audited and it's ok to have code in "obscure corners", should it be running on stuff like cisco routers or whatever (especially considering the notoriety for poor support from such vendors)?
In my view this is just yet another "get out", as with:
http://www.cio.com/article/2434264/o...-monkeys-.html
(though perhaps a little more subtle this time around)
Opinion: Torvalds has pretty much chosen to do nothing at all with regards to kernel security and left it to third parties, i.e. a reactive approach rather than a proactive one. There wasn't really a security model in the first place, so retroactively implementing that is not easy - and of course discrediting "security people" is easier.