[talk] Washington Post article on Linus/Linux

William Totman billtotman at billtotman.com
Mon Nov 9 10:43:22 EST 2015


> On Nov 9, 2015, at 00:39, George Rosamond <george at ceetonetechnology.com> wrote:
> 
> Referenced in a recent Theo presentation...
> 
> washingtonpost.com/sf/business/2015/11/05/net-of-insecurity-the-kernel-of-the-argument
> 
> Honorable mention to the OpenBSD crew early in the article (hint: the
> monkeys), as one of the many security experts at odds with Linus.
> Surprise, surprise if you didn't pick up the theme over the past few years.
> 
> The grsecurity comments have been pretty noisy over the past few years,
> and receive a lot of mention.
> 
> Pretty remarkable article.. rather, shocking.  In reality, nothing
> really has changed in my memory.  No one cared about spam until upper
> management gets too many "C1al1s" emails, or until an attachment shuts
> down the firm for a morning, or a web site is defaced, or customer data
> is lost on laptop and it's publicly disclosed... to imagine that all the
> corporations paying devs to contribute code have any different attitude
> to security would be humorous.
> 
> g
> 
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk


There are a few things that might be at work to change C-level execs minds about their 
responsibilities in securing their companies:
	- the Target breach saw their CEO get canned
	- the justice department seeking to bring criminal charges against executives
		- criminal negligence anyone?
	- cyberthreat insurance is seeing premiums jump as high as 30%
		- let alone the monetary cost of such a breach
	- de facto (individual) industry standards that, if not pursued, could be used by 
		cleaver lawyers in civil suits (vis a vis: the second bullet)


Notice how Torvalds immediately builds the most ridiculous scenario to justify his attitude:

	MILLIONS ARE GOING TO DIE!

He might as well have used the Sun going supernova as an example.

While there are edge cases that involve protecting people’s lives - there are many
other important facets to cyber security that Torvalds obviously doesn’t care about.


-bt





More information about the talk mailing list