As the open source industry grows and becomes more widely accepted, the use of Linux as a secure operating system is becoming a prominent choice among corporations, educational institutions and government sectors. With national security concerns at an all time high, the question remains: Is Linux secure enough to successfully operate the government and military's most critical IT applications? As the open source industry grows and becomes more widely accepted, the use of Linux as a secure operating system is becoming a prominent choice among corporations, educational institutions and government sectors. With national security concerns at an all time high, the question remains: Is Linux secure enough to successfully operate the government and military's most critical IT applications?

The United States government sure thinks so. A recent survey conducted by the Mitre Group found 251 Department of Defense deployments of Linux and other open source software. Not only is the United States government sponsoring hundreds of open source projects, it has been reported that open source applications have become major components in the IT infrastructure at the Pentagon.

Proprietary software advocates are currently stirring a debate on whether using Linux in matters of national defense is appropriate. It is their opinion that the availability of the source code for open source applications and the unknown origins of the code can lead to subversive content being deliberately placed into critical codes and putting the security of our entire country at risk.

What makes this debate illogical is the fact that there is not a single mainstream operating system, proprietary or open source that in its current state should be used to run critical national security applications. Any chosen system would have to be adjusted and re-worked to be a proper fit for the government's most critical IT needs. However, assuming the government is turning to Linux for national defense applications, the availability of the source code is exactly what makes Linux the obvious choice. Linux and other open source applications provide the freedom to customize programs to suit specific requirements, a liberty unfounded in proprietary systems. If the security provided by a particular installation is not sufficient it can be modified to ensure the highest levels of protection.

Additionally, the United States government, with special regard to the Department of Defense, puts security and confidentiality to the highest standard. Any code chosen for critical government or military systems must undergo countless hours of analysis and vulnerability assessment before it will even be considered for testing. To imply that our government has not considered the risks of Linux and other operating systems alike and is using insecure infrastructures of any kind is to insult the intelligence and capability of our government and military to protect its citizens.

Linux is not an invitation for IT terrorism, but quite possibly a first step towards preventing it. Linux incorporates a "defense-in-depth" approach to security, meaning robust security measures are implemented at every level of development and deployment. Not relying on obscurity, like closed-source counterparts, Linux truly focuses on the security of the system and its capabilities and strengths continue to improve, surpassing those of proprietary vendors like Microsoft.

-Dave Wreski, CEO Guardian Digital, Inc.
Edited & Prepared by Alison Parker

This story originally appeared in the May 2004 issue of Behind the Shield. For more information on Behind the Shield please visit:

https://guardiandigital.com/resources/blog