Government expert backs open source

A British security agent's endorsement of Linux and the open-source model highlights Windows concerns

An expert at the British government's computer security headquarters, CESG (Communications-Electronics Security Group) has endorsed Linux along with the open source model for software development as the most secure computer architecture available. CESG is the sister organisation of the notoriously secretive GCHQ (Government Communications Headquarters).

Stuart Troughton, a consultant and civil servant at CESG offers expert advice to government agencies and departments on computer security and says that he believes in Linux 100 percent. "Linux is as secure as you can make a computer," he says. "First of all, Unix [on which Linux is based] is the paradigm that the computer is the network, so Linux is secure from the ground up. Secondly, it is open so if I'm not happy with something I can check it myself or hire someone to check it. This is very, very important considering that data is the most valuable thing on the planet, bar none."

Troughton also explains why he would never recommend a competing commercial product with hidden source code. He says, "Windows was built for a single computer and then the network was added on as an afterthought. Also it's closed source, and I would never ever trust someone else completely with security."

Also endorsed by Troughton is the programming expertise behind the security of the Linux operating system. He adds, "There are some very good programmers out there but Alan Cox is head and shoulders above everyone else. His networking stuff is just phenomenal. From what I've heard he writes code like Richard Stallman. They both program like you or I speak."

Microsoft has often claimed that its software is offers superior standards of security precisely because its source code is hidden, what it describes as "security by obscurity". Troughton is not the only person to question this paradigm, however.

Ian Johnston-Bryden, a computer security consultant with who has experience working on government computer networks endorses this view of Linux, saying: "I completely understand this point of view and I agree with him."

Mike Banahan, managing director of security firm GBDirect, also backs up Troughton's opinion of the advantages of open source software. He says, "I don't think anyone who has ever really looked at security has ever taken that 'security by obscurity' claim seriously. I have faith in Linux because I can audit it. I wouldn't put my money in an unaudited bank."

A Microsoft spokeswoman, however, disputes these perspectives, claiming that Microsoft's closed-source software is more secure than ever. "Windows 2000 is the most secure operating system Microsoft has ever shipped," she says. "Among other things, entire development teams were focused solely on searching out security issues within the beta code; Microsoft posted a public Internet beta test site for customers to test the security of the system, and new development processes were put in place to ensure that the system was built from the ground up with security as a key objective."

ZDNet wishes to make it clear that the views attributed to Mr Stuart Troughton were personal ones. CESG has given no offical endorsement of Linux or the open source model for software development.

What do you think? Tell the Mailroom. And read what others have said.

Take me to the Linux Lounge.