Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!ihnp4.ucsd.edu!agate!reason.cdrom.com!usenet
From: "Jordan K. Hubbard" <jkh@FreeBSD.org>
Newsgroups: comp.os.linux.development.system,comp.os.linux.misc,comp.os.linux.networking,comp.unix.bsd.freebsd.misc,comp.unix.bsd.netbsd.misc,comp.unix.bsd.bsdi.misc
Subject: Re: need secure OS to entrust millions to
Date: Thu, 22 Feb 1996 18:02:17 -0800
Organization: Walnut Creek CDROM
Lines: 34
Message-ID: <312D2029.FF6D5DF@FreeBSD.org>
References: <4gi6t6$3h9@lace.colorado.edu>
NNTP-Posting-Host: time.cdrom.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 2.0 (X11; I; FreeBSD 2.1-STABLE i386)
To: bryce@c2.org
Xref: euryale.cc.adfa.oz.au comp.os.linux.development.system:17814 comp.os.linux.misc:87959 comp.os.linux.networking:29389 comp.unix.bsd.freebsd.misc:14196 comp.unix.bsd.netbsd.misc:2291 comp.unix.bsd.bsdi.misc:2429

Bryce wrote:
> I'm writing documentation which advises banks on how to
> setup an electronic banking software package on a
> Net-connected, firewall-protected Intel box. Some of the
> most important banks in the world will be reading this
> documentation very soon. The current version of the
> documentation, which I inherited, advises them to run
> FreeBSD or BSDI. I'm considering changing this
> recommendation to Linux.

I think this would be an ungodly mistake, frankly. Let's say something *does* happen, or CERT publishes an advisory about some security hole which you don't have the personal resources to fix and the hackers surrounding whichever free OS you choose are just too busy that week to get to it in a reasonable time frame. Or let's say that an entirely undocumented security hole is found by a hacker, the account of one of your customers is cleaned out and he/she sues you for umpety-ump million bucks. It'll look pretty damning in court if you have to stand up and testify to the fact that you actually chose a free OS with no support and no clear lineage of development.

Don't get me wrong, I think that free operating systems are great (obviously) and perfectly wonderful for many things, but secure cash transactions and running life support systems are not the kinds of things I'd entrust to them, if only for pure legal liability reasons.

Buy a commercial OS and the best support contract money can buy. It almost doesn't matter which (though obviously you're also going to want source code just to cover your butt, so things like SCO are probably disqualified).

--
- Jordan Hubbard
  President, FreeBSD Project