Linked by David Adams on Thu 30th Jun 2011 15:40 UTC
Original OSNews Interviews OSNews interviews Alexander Tsolkas, security consultant, Director Sales & Marketing at Iπsec Ltd. Germany, and creator of HSS, or High Security Server, a highly secure Linux kernel and a proprietary management Control Panel. We ask him about his product and about the state of ultra high security computing.
Thread beginning with comment 479266
To read all comments associated with this story, please click here.
Closed source code?
by Alfman on Thu 30th Jun 2011 16:51 UTC
Alfman
Member since:
2011-01-28

Although it was obviously a sales pitch, I think he's right that linux security is in a bit of disarray. Like he said, apparmor will do the job, but it has a lot of room for improvement.


"We wrote in 2008 in IDG Computerwoche (Computerweek) about it and three days later somebody broke into our Hamburg offices and tried to steal the source code. Fact is, we never had the source in our offices...So we think, that one of the existing three-letter-code agencies on earth tried their luck. Since that time, we’ve been keeping a low profile."

I don't understand this at all, isn't the code running in the kernel open source? Is it just the control panel which is closed source? If so, then why would any agencies really care about it?

I certainly hope he's not implying that keeping the source code secret is crucial to the security of the system. A source code leak shouldn't compromise security in the first place.

Edit: I'm probably reading into it to much, but I just don't understand why he'd bother to bring it up.

Edited 2011-06-30 16:55 UTC

Reply Score: 3

RE: Closed source code?
by dzx6w3 on Thu 30th Jun 2011 19:22 in reply to "Closed source code?"
dzx6w3 Member since:
2011-06-30

Hi Alfman,

thank you for this objective comment.Apparmor was good, but...it is exactly how you write.

Agencies care about it, because we already sell it world wide, and there is no backdoor, there is no weak point in the server, except the one sitting in front of it.

No, I will ask where the source resides and let you all know. We do not bother to bring it up. We sold it silently the whole time. But we said, we can have more success if we make some "Rambazamba" as we say here in Germanistan.

Best Regards
Alexander

Reply Parent Score: 1

RE[2]: Closed source code?
by f0dder on Thu 30th Jun 2011 19:32 in reply to "RE: Closed source code?"
f0dder Member since:
2009-08-05

Agencies care about it, because we already sell it world wide, and there is no backdoor, there is no weak point in the server, except the one sitting in front of it.
Let's try once more:

why would agencies be interested in the configuration front-end, when it's the GPL'ed code running in the kernel that's interesting security-wise?

Reply Parent Score: 1