Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!spool.mu.edu!pravda.aa.msen.com!nntp.coast.net!news.dacom.co.kr!news.uoregon.edu!kaiwan.kaiwan.com!pell.pell.chi.il.us!there.is.no.cabal
From: orc@pell.chi.il.us (Orc)
Newsgroups: comp.os.linux.development.system,comp.os.linux.misc,comp.os.linux.networking,comp.unix.bsd.freebsd.misc,comp.unix.bsd.netbsd.misc,comp.unix.bsd.bsdi.misc
Subject: Re: need secure OS to entrust millions to
Date: 24 Feb 1996 15:32:22 -0800
Organization: By the Holy Claws of Klortho the Magnificent, this IS a fine morning!
Lines: 34
Message-ID: <4go766$q7m@pell.pell.chi.il.us>
References: <4gi6t6$3h9@lace.colorado.edu> <312D2029.FF6D5DF@freebsd.org>
NNTP-Posting-Host: pell.pell.chi.il.us
Xref: euryale.cc.adfa.oz.au comp.os.linux.development.system:18003 comp.os.linux.misc:88259 comp.os.linux.networking:29662 comp.unix.bsd.freebsd.misc:14348 comp.unix.bsd.netbsd.misc:2313 comp.unix.bsd.bsdi.misc:2455
In article <312D2029.FF6D5DF@freebsd.org>,
Jordan K. Hubbard <jkh@FreeBSD.org> wrote:
>Bryce wrote:
>> I'm writing documentation which advises banks on how to
>> setup an electronic banking software package on a
>> Net-connected, firewall-protected Intel box. Some of the
>> most important banks in the world will be reading this
>> documentation very soon. The current version of the
>> documentation, which I inherited, advises them to run
>> FreeBSD or BSDI. I'm considering changing this
>> recommendation to Linux.
>
>I think this would be an ungodly mistake, frankly.
>
>Let's say something *does* happen, or CERT publishes an advisory about
>some security hole which you don't have the personal resources to fix
>and the hackers surrounding whichever free OS you choose are just too
>busy that week to get to it in a reasonable time frame. Or let's say
>that an entirely undocumented security hole is found by a hacker, the
>account of one of your customers is cleaned out and he/she sues you for
>umpety-ump million bucks. It'll look pretty damning in court if you
>have to stand up and testify to the fact that you actually chose a free
>OS with no support and no clear lineage of development.
Hmm. But wouldn't that eventuality be dealt with by buying a
FreeBSD or Linux distribution from a vendor who provided support
services? After all, your customers probably don't care about
how much the system cost as much as they care about being able
to get support at any time they need it.
____
david parsons \bi/ orc@pell.chi.il.us
\/