Green Hills Releases Paper Titled Linux Security: Unfit for Retrofit

5/4/2004 - Dan O'Dowd, Green Hills Software founder and CEO, issued his third white paper in a series focused on the urgent security threat posed by the use of the Linux operating system in U.S. defense systems, including the Future Combat System and Global Information Grid. Available at, the white paper “Linux Security: Unfit for Retrofit” explains why the security limitations of Linux are innate and cannot be practically remedied. “There is no way to fix Linux to bring it up to the level of security that is required for national defense systems, a level that is already available in proprietary operating systems,” O’Dowd said.

“There is a widespread misconception that open source software inherently provides better security than proprietary software. But, according to the U.S. Government’s database of computer security vulnerabilities maintained by the National Institute of Standards and Technology (NIST), there have been more vulnerabilities of the highest severity in the Linux operating system than in Microsoft Windows in every one of the last ten years!

“Many people believe that the U.S. National Security Agency’s (NSA) Security Enhanced Linux (SELinux) is going to solve Linux’s security problems, but according to the frequently asked questions page on the NSA website, SELinux ‘is very unlikely to meet any interesting definition of secure system.’

“The license that governs Linux requires defense contractors to publish the source code of the operating system for any critical defense system that uses Linux. There is a widespread misconception that this disclosure improves security by allowing anyone to review the source code for potential vulnerabilities. However, the source code of a defense system’s operating system provides a blueprint for its security. Disclosure of the source code makes it possible for our enemies to ascertain the performance, timing, capabilities, and vulnerabilities of the system, including the existence and design of secret devices and encryption chips. This is analogous to publishing the wiring diagrams of our military bases. Our enemies will be able to study our vulnerabilities at their leisure. When it comes to defense systems, secrecy is a critical component of security. Open source code is sure to reduce security for defense systems.

“Some people argue that defense contractors could avoid the largest security perils of Linux (i.e. that much of Linux has been developed offshore by unknown personnel and that the source code must be made public exposing its capabilities and vulnerabilities to attackers) by making a copy of Linux, thoroughly evaluating it for subversions, securing its source code, and then proceeding with development using security checked personnel. Green Hills Software’s extensive experience with safety certification by the Federal Aviation Administration, which is just a subset of a full security evaluation, shows that a thorough security evaluation will cost over $1,000 per source code line. A thorough evaluation of Linux for subversions would cost billions of dollars.

“Many people assume that all code incorporated into major military systems undergoes extensive analysis, review, and vulnerability assessment, but Linux has been selected for use in defense systems with insufficient analysis, review, or vulnerability assessment, because the cost of this analysis would be prohibitive. If a defense program requires a certain level of product requirements specification or documentation or a certain process for development, testing, code review, analysis, or vulnerability assessment, then all of the operating system code must meet the same or higher standards. If it doesn’t, all of the efforts to meet the security and reliability requirements for the rest of the software are meaningless.

“Every principle of security is being violated to enable Linux to spread through our defense systems. This must not be allowed to continue.”

The next Linux Security white paper in the series, “Linux in Defense: Free Software is Just Too Expensive,” will be published on May 10. It shows that Linux is not the lowest cost operating system for defense systems and that Linux does not offer the long-term support model that defense systems need. Prior white papers and articles are archived at

About Green Hills Software
Founded in 1982, Green Hills Software, Inc. is the technology leader for real-time operating systems and software development tools for 32- and 64-bit embedded systems. Our royalty-free velOSity microkernel, INTEGRITY RTOS, C/C++ compilers, MULTI and AdaMULTI Integrated Development Environments and TimeMachine debugger, offer a complete development solution that addresses both deeply embedded and high-reliability applications. Green Hills Software is headquartered in Santa Barbara, CA, with European headquarters in the United Kingdom.

Green Hills Software, the Green Hills logo, MULTI, INTEGRITY, velOSity, AdaMULTI and TimeMachine are trademarks or registered trademarks of Green Hills Software, Inc. in the U.S. and/or internationally.

North American Sales Contact:
Green Hills Software, Inc.
30 West Sola Street,
Santa Barbara, CA 93101,
Tel: 805-965-6044
Fax: 805-965-6343

International Sales Contact:
Green Hills Software Ltd.
Dolphin House, St. Peter Street
Winchester Hampshire SO23 8BW,
United Kingdom
Tel: +44 (0)1962 829820
Fax: +44 (0)1962 890300

Previous Page | News by Category | News Search

If you found this page useful, bookmark and share it on: