i'm surprised that nobody has mentioned the work that the NSA has done on linux already. there was a posting in c.o.l.a regarding security enhanced linux by the NSA. they've added quite a few features which had previously only existed in OSs like trusted solaris. http://www.nsa.gov/selinux/ there's a mailing list with a lot of activity on it and a fair number of pretty clueful individuals on it. if you're a security wonk (in which case i surmise you're being force to run linux) it's well worth playing with. when last we saw our hero (Thursday, May 23, 2002), Ben Lutgens was madly tapping out: > On Thu, May 23, 2002 at 02:41:31AM -0500, Bob Tanner wrote: > >http://www.washingtonpost.com/wp-dyn/articles/A60050-2002May22.html > > > >Anyone know of any commerical Microsoft products that have been tested by the > >NSA and passed? > > I for one would rather the defense department write thier own software. I > have yet to see a piece of software (opensource or otherwise) that I'd > trust with controlling a rocket, warhead, guidance system.... > > I think the NSA has made the right choice. They've got some real security > minded folks there who are more than capable of auditing code. My guess is > they'd lean toward opensource stuff cause there's no hassles to get access > to the code (not that the NSA would have any problem with it, but it's > additional steps) > -- steve ulrich sulrich at botwerks.org PGP: 8D0B 0EE9 E700 A6CF ABA7 AE5F 4FD4 07C9 133B FAFC -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20020523/57ab9c36/attachment.pgp