
LINUX: unsafe at any (clock) speed


Fleur-de-lis
09-29-2016, 01:42 AM
http://arstechnica.com/security/2016/09/linux-kernel-security-needs-fixing/#p3

The Linux kernel today faces an unprecedented safety crisis. Much like when Ralph Nader famously told the American public that their cars were "unsafe at any speed" back in 1965, numerous security developers told the 2016 Linux Security Summit in Toronto that the operating system needs a total rethink to keep it fit for purpose.

Worse, the average lifetime of a critical security bug in the Linux kernel, from introduction during a code commit to public discovery and having a patch issued, averages three years or more. According to Cook’s analysis, critical and high-severity security bugs in the upstream kernel have lifespans from 3.3 to 6.4 years between commit and discovery.

anotherCAfan
09-29-2016, 08:59 PM
I was an IT auditor in my past life. A lot of companies run Linux or Unix operating systems.

It was fun learning (off of Google etc.) things like /etc/passwd.

Fleur-de-lis
10-01-2016, 11:29 AM
> I was an IT auditor in my past life. A lot of companies run Linux or Unix operating systems.
>
> It was fun learning (off of Google etc.) things like /etc/passwd.

Given your druthers and from your experience, would you choose *NIX to run a business?

DeltaLover
10-01-2016, 11:52 AM
> Given your druthers and from your experience, would you choose *NIX to run a business?

What are the alternatives?

anotherCAfan
12-02-2016, 01:59 AM
> Given your druthers and from your experience, would you choose *NIX to run a business?

Sorry for the belated reply. To answer Delta's question, the only other alternative I consistently saw was Windows OS.

I saw a few Mainframe applications (I guess with Mainframe, it's a sort of OS and database concurrently?), but those were being phased out.

An IT audit work program for reviewing the OS layer is a good "health check", in my opinion, for a business. It's still an audit, and part of the overall financial audit (so there is a stigma if we raised any observations); however, if I were an IT manager, I'd want to disable unused default accounts, have some sort of password parameters at the OS layer, know who my admins are, etc.
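
The OS-layer checks named in the last post (unused default accounts, password parameters, knowing who the admins are), sketched as an added example that is not part of the thread or any poster's words. The file contents are constructed samples; the admin group names, the UID cutoff and the 90-day threshold are assumptions.

```python
# Constructed sample file contents (not from any real system).
PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
games:x:5:60:games:/usr/games:/bin/sh
toor:x:0:0:second root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
GROUP = """root:x:0:
sudo:x:27:alice,bob
wheel:x:10:
"""
LOGIN_DEFS = """# password aging controls
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
"""
NOLOGIN = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}
ADMIN_GROUPS = {"sudo", "wheel"}   # assumption: the site's admin groups
UID_MIN = 1000                     # assumption: first regular-user UID
MAX_AGE = 90                       # assumption: auditor's threshold in days

def parse_passwd(text):
    keys = ("name", "pw", "uid", "gid", "gecos", "home", "shell")
    return [dict(zip(keys, ln.split(":"))) for ln in text.splitlines() if ln.strip()]

def default_accounts_with_shell(accounts):
    """System accounts (0 < UID < UID_MIN) that can still log in interactively."""
    return [a["name"] for a in accounts
            if 0 < int(a["uid"]) < UID_MIN and a["shell"] not in NOLOGIN]

def admins(accounts, group_text):
    """Every UID-0 account plus every member of an admin group."""
    names = {a["name"] for a in accounts if int(a["uid"]) == 0}
    for ln in group_text.splitlines():
        name, _pw, _gid, members = ln.split(":")
        if name in ADMIN_GROUPS:
            names.update(m for m in members.split(",") if m)
    return sorted(names)

def password_findings(defs_text):
    """Report a PASS_MAX_DAYS that is missing or longer than MAX_AGE."""
    pairs = (ln.split() for ln in defs_text.splitlines() if not ln.lstrip().startswith("#"))
    conf = {p[0]: p[1] for p in pairs if len(p) >= 2}
    if "PASS_MAX_DAYS" not in conf:
        return ["PASS_MAX_DAYS not set"]
    days = int(conf["PASS_MAX_DAYS"])
    return [f"PASS_MAX_DAYS={days} exceeds {MAX_AGE}"] if days > MAX_AGE else []

if __name__ == "__main__":
    accts = parse_passwd(PASSWD)
    print("login-capable default accounts:", default_accounts_with_shell(accts))
    print("admins:", admins(accts, GROUP))
    print("password policy:", password_findings(LOGIN_DEFS))
```

On a live host the same functions would be fed the contents of /etc/passwd, /etc/group and /etc/login.defs; a second UID-0 entry such as the constructed `toor` line is the kind of admin an auditor would ask about.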