Days after an embedded-industry CEO stirred up a firestorm by charging that Linux poses a threat to U.S. security, two prominent computing-security experts said last week that some developers are already inappropriately using Linux in critical security applications where it isn't suitable. . . .
Days after an embedded-industry CEO stirred up a firestorm by charging that Linux poses a threat to U.S. security, two prominent computing-security experts said last week that some developers are already inappropriately using Linux in critical security applications where it isn't suitable.

Purdue University professor Eugene Spafford and Cynthia Irvine of the Naval Postgraduate School warned that the highest-level, but little-understood, security concerns are sometimes ignored during the development of control systems for tanks, bombs, missiles and defense aircraft. Linux, Windows and Solaris operating systems should not be used in such applications, Spafford said.

"An awful lot of decisions involving national-defense implications are being made on the basis of price and personal bias, and not upon sound evaluation of the underlying tools and software," said Spafford, who is executive director of the largest U.S. academic research center on information security, the Center for Education and Research in Information Assurance and Security, as well as an adviser to President Bush. "And it's happening in places where it should not be happening."

The link for this article located at eetimes.com is no longer available.