
Linux OS by NSA

Discussion in 'Software' started by Umbra, 12 Jun 2014.

  1. Umbra

    Umbra What's a Dremel?

    Joined:
    18 Nov 2013
    Posts:
    636
    Likes Received:
    17
    SELinux

    I'm sure the Linux experts know about this but even putting on my biggest tin foil hat I couldn't help but smile at the irony of it :lol:

    The Original Contributors

    The National Security Agency (NSA)
    Researchers in NSA's National Information Assurance Research Laboratory (NIARL) designed and implemented flexible mandatory access controls in the major subsystems of the Linux kernel and implemented the new operating system components provided by the Flask architecture, namely the security server and the access vector cache. The NSA researchers reworked the LSM-based SELinux for inclusion in Linux 2.6. NSA has also led the development of similar controls for the X Window System (XACE/XSELinux) and for Xen (XSM/Flask).

    SELinux policies in Fedora were initially focused on network facing services. However several dozens of desktop software including Firefox, HAL, D-Bus etc are protected by default using SELinux policies in current releases of Fedora.
     
  2. murraynt

    murraynt Modder

    Joined:
    6 Jun 2009
    Posts:
    4,234
    Likes Received:
    128
    It's also used in Android. They know everything.
     
  3. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    388
    One of the main advantages of open source is that anyone can examine the code, unlike other software. So far I don't think anyone has unearthed any back doors in any part of the Linux code.
     
  4. Cthippo

    Cthippo Can't mod my way out of a paper bag

    Joined:
    7 Aug 2005
    Posts:
    6,785
    Likes Received:
    103
    In addition to breaking other people's codes and security, the NSA is also responsible for creating codes and secure communications systems for the rest of the US government. This distro was probably developed for government use to be as secure as possible.
     
  5. Guinevere

    Guinevere Mega Mom

    Joined:
    8 May 2010
    Posts:
    2,484
    Likes Received:
    176
    It's not so clear cut. You can rephrase that as:

    How many people used OpenSSL? (I know I have done in the past) It's open source, it was managed by competent developers and yet it had a massive security fault.

    Using open source software does not mean you are secure. Only that when faults are discovered they can be fixed, but not before they are often instantly known to all hackers (it's hard to keep them secret).

    Security Agencies: I don't think it's traditional 'back door' vulnerabilities that the NSA (or whoever) would consider putting in place, but more that weaknesses could be ignored or even engineered. It's much easier to do that with open source software than it is for proprietary systems.

    With closed source infrastructure the NSA have to intercept the hardware during transit and implement backdoors at a firmware / hardware level.

    For open source I bet you there's been times when they've gone 'We don't need to do that with that platform, we can just throw our super computer at the box for a few minutes, grab the public / private keys and then play piggy in the middle until the end of time'

    I'm not saying open source is unsafe, or even that it's less safe than closed source. Only that being "open source" is not the holy grail of security. You've still got to get everything else right as well.
     
  6. will_123

    will_123 Small childs brain in a big body

    Joined:
    2 Feb 2011
    Posts:
    1,060
    Likes Received:
    15
    Depending on who you ask, it was not managed by competent developers. OpenBSD developers seem to think it was very poorly managed, hence their own fork.

    It's not really, lots of security patches come from security specialists who report the bug and wait for it to be patched before they release the report etc on it. Rather than shouting from the rooftops before people had had a chance to fix it.

    100% agree. It's not the holy grail but having an open source code base allows me to understand how some of my software works. Rather than just assuming that somebody else is making it safe for me.
     
