http://www.defcon.org/html/defcon-13/dc13-speakers.html (Search for
Potter.)
[...] No, not the standard issue "OpenBSD is uber secure, Windows
sucks" discussion. Rather, I've been focusing on the long term
impact of each of these operating systems on the security of
enterprise networks and the Internet as a whole. Any reasonable
tech geek can be trained to lock down a host. Give them a checklist
and some procedures and lock it down and *boom* a secure host.
However, while that host may be secure today, what are the
differences in long term security between the major operating systems.
As it turns out, a lot of the long term security issues revolve
around the development method used to develop the OS. Windows is
designed as one big systems, and to some extent the BSD's are as
well. But Linux... Linux is designed with duct tape in mind. Linux
distros are held together with spit and tape, and the ramifications
on security are dire. I've been gathering data from mail lists,
looking at code, and talking to people running big systems in an
attempt to figure out how bad things really are. I'm sure many of
you will find this talk inflammatory, and that's a good thing.
"Knowing is half the battle."... even if you don't want to hear it.