News & Press

Green Hills Software CEO Responds to Linux Security Controversy

FAA Flight-safety Certified Operating Systems Deliver the Reliability and Security Required for Defense Systems; Linux Does Not

SANTA BARBARA, CA—April 19, 2004 — In a white paper released today on Green Hills Software’s web site,, founder and CEO Dan O’Dowd addressed the objections of the Linux community to his recent warning that the “open source” process used to develop the Linux operating system makes Linux too insecure to be trusted in defense systems. “Linux is not reliable enough or secure enough to meet U.S. government safety and security standards that several commercial operating systems have already met,” O’Dowd said.

“There are plans to rely on Linux to control our most advanced future defense systems, including the Army’s Future Combat Systems (FCS), the Joint Tactical Radio System (JTRS), and the Global Information Grid (GIG). Until Linux achieves the same level of reliability and security required of commercial operating systems, it should not be used in critical defense systems.”

Much of the reaction to O’Dowd’s speech at the Net-Centric Operations Industry Forum was based on the misconception that proprietary software could not be as reliable or secure as open source software. “This stands the truth on its head,” O’Dowd said. “Green Hills Software’s INTEGRITY operating system has been used for years in safety-critical avionics displays, communications, navigation and flight control systems on numerous military and commercial aircraft including the B-1B, B-52, C-17, F-16, F-35 Joint Strike Fighter, Sikorsky S-92 helicopter, and Airbus A380. The U.S. Federal Aviation Administration (FAA) has certified our INTEGRITY operating system to DO-178B Level A, the FAA’s highest safety standard for software design, development, documentation, and testing. The U.S. mandates DO-178B Level A safety certification for software on which airline passengers’ lives depend. Should we accept a lower level of reliability for the defense systems on which the lives of our soldiers, sailors, airmen and marines depend? Until Linux is certified to DO-178B Level A, we should not ask them to trust their lives to it.”

O’Dowd also pointed out that an internationally recognized software security standard exists: the Common Criteria for IT Security Evaluation (ISO standard 15408). The Common Criteria defines seven Evaluation Assurance Levels (EAL), with EAL 7 being the highest level.

In his April 8 speech, O’Dowd said, "The open source process violates every principle of security. Now that foreign intelligence agencies and terrorists know that Linux is being used to control military applications, they can contribute subversive software that will soon be incorporated into our most advanced defense systems."

In the white paper released today, O’Dowd explained the importance of Linux security certification, “Verification of security under Common Criteria EAL 7 means that you must formally and mathematically prove that the software has not been compromised. An EAL 7 security evaluation will prevent a saboteur working on the operating system development team from subverting the operating system. Linux development and support are being outsourced to China, Russia, and other countries from which commercial defense software would never be purchased. Therefore, it is absolutely essential that Linux be subject to formal EAL 7 verification to determine if it has been subverted by foreign intelligence agents or terrorists before it is allowed to control our nation’s critical defense systems such as FCS, JTRS, and the GIG.”

Green Hills Software’s INTEGRITY-178B operating system is being used in critical defense systems that require EAL 7 certification by the U.S. National Security Agency (NSA). “Several other proprietary operating system vendors have also committed to certifying their operating systems to EAL 7, but Linux has only achieved EAL 2. Even Microsoft Windows has achieved EAL 4. We must not trust national security to Linux until someone is prepared to take responsibility to certify Linux to the same EAL 7 standard that commercial vendors are committed to meet,” O’Dowd concluded. “We don’t need cheaper security, we need better security.”

The white paper released today ( is the first in a series of white papers on Linux security that Green Hills Software will publish. Next week’s paper, “Many Eyes—No Assurance Against Many Spies,” will be published on April 26. For the complete text of these white papers, please visit

About Green Hills Software

Founded in 1982, Green Hills Software Inc. is the technology leader for real-time operating systems and software development tools for 32- and 64-bit embedded systems. Our royalty-free velOSity microkernel, INTEGRITY RTOS, C/C++ compilers, MULTI and AdaMULTI Integrated Development Environments and TimeMachine debugger, offer a complete development solution that addresses both deeply embedded and high-reliability applications. Green Hills Software is headquartered in Santa Barbara, CA, with European headquarters in the United Kingdom.

Green Hills Software, the Green Hills logo, MULTI, INTEGRITY, velOSity, AdaMULTI and TimeMachine are trademarks or registered trademarks of Green Hills Software, Inc. in the U.S. and/or internationally. All other trademarks and products are the property of their respective owners.

North American Sales Contact:
Green Hills Software, Inc.
30 West Sola Street,
Santa Barbara, CA 93101,
Tel: 805-965-6044
Fax: 805-965-6343

International Sales Contact:
Green Hills Software Ltd.
Fleming Business Centre
Leigh Road
Hampshire SO50 9PD
Tel: +44 (0)2380 649660
Fax: +44 (0)2380 649661

Media Contacts:
Green Hills Software, Inc.
Lynn J. Robinson
(805) 965-6044
Patterson & Associates
Barbara Stewart
(480) 488-6909
© 1996-2024 Green Hills Software Privacy Policy Cookies Policy Copyright & Patent Notices