Slashdot article on MITRE open source software
Bill Horne
bill at horne.net
Fri Nov 29 10:54:02 EST 2002
----- Original Message -----
From: "John Chambers" <jc at trillian.mit.edu>
>
> Funny that they should express it so carefully. It's not at all
> uncommon for the security folks to use much stronger wording: If you
> want your system secure, you don't run *anything* unless you have the
> source and you compiled it yourself. If you use a binary-only
> program, you have no idea what might be hidden inside it. They often
> also add that anyone in a security position who approves of binary
> software is either incompetent or (more likely) on the take.
>
[snip]
> I've occasionally wondered whether the DoD's security people have
> studied this problem, and if so, how widely the defenses against it
> have been put in place. Given the fact that they are using MS
> systems, I'd guess that the people who understand such issues are not
> listened to by the decision makers.
DoD has always relied on physical security in preference to electronic
security such as cryptography. This is due, in large part, to the fact that
DoD has a large workforce of low paid men who are trained to shoot guns.
It's also due to the ever-present maxim of military command: "Everyone is
replaceable". DoD is likely to favor the software with the widest knowledge
base among recruits, ergo M$.
I hadn't known that MITRE was being circumspect with this report: in
comparison to other documents I've seen, this one is practically seditious.
To say, *in the Executive Summary*, that FOSS should be not only approved
for use, but fast tracked in major ways, seems like a micro-revolution in
the ranks.
Bill