Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Cisco crapaganda

  • From: Michael.Dillon
  • Date: Wed Aug 10 08:54:11 2005

> But in some ways, aren't those Open Source software techniques also
> assisting Juniper, as JunOS is based in no small part on FreeBSD?

Yes Juniper is getting an advantage from Open Source as are
hundreds of smaller vendors of routing/switching equipment.
I believe it is only a matter of time before Open Source 
software becomes the de facto standard for everything
everywhere. We have already seen that Open Source does not
lead to monoculture but does create a competitive environment
for operating systems and applications. And we already know
that competitive environments are a spur to evolution.

> Also, what about DoD Orange Book certification? Can this kind of
> testing methodology be applied to routing systems as well, such as IOS?

I don't claim to fully understand Orange Book but it seems to
me that one of the essences of Open Source is the process of
certification. Of course nowadays this certification is rather
haphazard and often amounts to people saying that they published
their source and there have been no security flaws discovered
for X period of time. But it could be done in a more formal
and organized way. If it is reasonable for governments to insist
on safety certification for airplanes, child carseats, and
medical equipment, then why not routers/switches?

To learn more about the Orange book, look here
http://www.dynamoo.com/orange/

> I wonder if infrastructure customers should, or could be getting
> similar treatment from Cisco in regards to IOS, for them to better
> protect their customers. (Government would apply here too.)

If you consider the Internet to be a public network which benefits
all of society then the question arises: Is it sufficient for a few
large private organizations to audit the code in Internet infrastructure
devices or should this audit be done by a public agency of some sort?

Now that the whole bipartisan environment of the Cold War has disappeared
we are more able to experiment with different types of governance 
structures
without being labelled as communist or capitalist. In the corporate
world, things Sarbanes-Oxley have legitimized the concept of a public
agency having audit oversight over private businesses. It is not unusual
to find corporations accepting board members from strategic customers
or providing strategic customers some input into governance of the
seemingly private corporation. I think that these types of structures
are the essence of free market, non-centrally planned economies and
that we should feel free to adopt such structures and experiment with
them.

The DHS is such a structure and it is evolving as it learns. I think
it is only a matter of time before the DHS dips its toes into the auditing
of software systems, including Cisco IOS and Microsoft software, because
society becomes more and more dependent on these software systems every
day.

--Michael Dillon





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.