White House CyberSecurity - Jobs, Research, and Rhetoric, but Few Results
Richard Forno, 2001-12-12

The commitment by the federal government to further computer security research may be laudable, but it fails to address the root cause of most security issues: bad software.

National Security Agency's Security-Enhanced Linux should be the foundation 2001-12-13
seeing the forest thru the trees (1 replies)
THE NSA Security-Enhanced Linux project is the ONLY real start to such an effort.
http://www.nsa.gov (see security-enhanced linux link here).

FIRST, there has to be a good foundation!
We can't build on old code that is not a reliable foundation (as if we did, then everything that is done will be just a cob job that will end up being a new mess).

This project has to be Linux-like.
Over time, the open nature of a massive new security OS development project could involve all (worldwide academia, government, and corporate interests should be included to carry out the mission).

Applications constructed for this Security-Enhanced OS... would have to be subjected to an approval and review process. For consumer ease of understanding, these applications could be graded with a security rating value.

We may end up also approving task specific hardware solutions. We just may end up with devices that are hardware only with this OS embedded in them (with the ability to perform only the basic functions that are needed).

There may even be a security protocol that is exclusive to such an OS and to these application specific devices.

A WORLD WIDE EFFORT is needed for this project (and we should stay away from using shortcuts such as Unicode). There has to be specific developments coded for the input device(s) that is/are being used.

We can only attempt to do the best that we can do.


NSA SELinux has nothing to do with this 2001-12-17
Anonymous (1 replies)
NSA SELinux has nothing to do with this 2001-12-19
Is there a "safer hex"?







 

Copyright 2009, SecurityFocus