Aug 07 2007
Between Defcon and Linux World, I’m too tired to record a podcast tonight. I got home yesterday at 5:00 pm and had to leave the house to go to San Francisco at 6:00 am, then I got home tonight at 8:00 pm. Is it any wonder I’m tired and grouchy?
I talked to several people about the lack of security topics at Linux World after the earlier blog post and I think I’ve discovered at least one of the reasons. The first time I attended LW was either 2003 or 2004, and security was a big thing at the time. Everyone was talking about Linux and how secure it was as an operating system. At that time the Linux community was having a big battle to prove that they were every bit as secure as Microsoft, and it showed. Every vendor wanted to prove that they had figured out how to secure Linux and that they were better at it than anyone else.
Fast forward to today: it’s fairly well accepted that Linux is at least as secure as Windows out of the box, and with similar amounts of effort, Linux is generally more secure than Windows. There are always exceptions, and with an infinite amount of effort, both OS’s can be made completely secure, but overall it’s easier to dig into the internals of Linux and secure it.
So right now, Linux users and Linux enterprises are feeling pretty good about their security. But this business is highly cyclical. Some time in the next few years the security of Linux will be called into question again, either due to Microsoft, a major compromise of the OS or something else unforeseen. And when it happens, security will once again be in the forefront of the minds of the people attending the event. Until then, I guess I’ll have to be satisfied with the few fringe vendors who are directly working in security, rather than the majority who list security as just another feature.