Re: Security TCO

From: Keith W. McCammon (
Date: 04/08/03

From: "Keith W. McCammon" <>
Date: Tue, 8 Apr 2003 14:26:51 -0400

> some of that has changed. Interesting to note that the US Govt. just
> gave the Open BSD group 2 million to do security work. Interesting they
> didn't give the money to Microsoft.

Not trying to start another lame us vs. them thread, but any time you
compare something like Windows to something like OpenBSD, you're talking
apples and oranges.

One the one hand, you have an OS, the primary goal of which is to provide
easy interoperability with a large number of products, with minimal
knowledge of how each of those products actually works. On the other hand,
you have an OS, the primary goal of which is to provide rock-solid security
out-of-the-box--interoperability is still important (kind of the *nix
standard), but everything takes a back seat to security.

Having said that, I'm not the least bit surprised to see the money go to
OpenBSD. This is a group that has proven time and time and time again that
they can produce an exceptionally stable and secure product release. As
such, if security is your number one priority, and you're willing to
sacrifice some ease-of-use, then OpenBSD is the very obvious choice. Do I
run OpenBSD on my desktop? No, of course not. But would I run an IDS
sensor/monitor on anything else? There's a very good chance that I would
not (unless I'm in the FreeBSD mood :).

My $.02...

Keith W. McCammon