O'Reilly European Open Source Convention - 17-20 October, 2005

Session
Windows vs. Linux vs. FreeBSD: Operational Security and the Development Process
Bruce Potter, Senior Associate, Booz Allen Hamilton

Track: Security
0:000:00
Location: Grand Ballroom
These days, security professionals are focused on the here and now of operating system security. The latest vulnerabilities, patches, and exploits dominate the conversations on the mailing lists and the media. However, the source of these vulnerabilities often goes unexamined.
The three major operating systems we deal with on a daily basis use three completely different development methodologies. Microsoft Windows is developed by a massive corporation with strategic goals in mind and a clear hierarchy in the product development process. Similiarly, FreeBSD and OpenBSD are created as a complete system and have a hierarchy within the coding process. Linux, however, is developed in pieces. The kernel is developed as its own entity and distributions (some for profit, some for free) are left to try and put together a complete operating system that is usable to the users.
Each of these processes have their pros and cons with respect to security. This talk examines the development models in more detail and attempt to quantify their impact on the security of the operating systems. Potter also speaks to the impact of long term maintainability and security of these operating systems given the strategic vision (or lack therein) of the groups writing the code.