Linux Security Rough Around The Edges, But Improving
The National Security Agency built a version of Linux with more security tools that its technologists believe could help make the country's computing infrastructure less vulnerable. They won over the Linux developer community with the changes. But its success depends on the adoption by U.S. companies and government agencies, something that remains very much in doubt.
For more than a decade, the National Security Agency has worked on a way to use a computer's operating-systems to control where software applications and their users can access data within IT environments. The agency succeeded years ago in creating such "mandatory access control" features for specialized operating systems, but very few users had the access or inclination to deploy them. Taking a gamble in 2000 on the emerging Linux operating system, NSA started applying its security approach to the open-source code. The result is its Security Enhanced Linux technology, which it hopes can raise the nation's overall level of cybersecurity.
"Quality of (software) code is crucial to the security of this nation," Dickie George, technical director of NSA's Information Assurance Directorate, said Thursday at an SELinux symposium. George added that the directorate's mission is to research and develop the technology and processes that industry can use to protect itself, and critical U.S. infrastructure, from cyberattacks.
