by Bob Toxen - Friday, 29 August 2003.
If the damaged code could be replaced with little effort it has no significant value. Its inclusion, had it occurred, clearly was not malicious on the part of the "kernel team" nor by Distributions nor by users. Juries usually root for the little guy. Would a jury rule that a "mom and pop" shop owed money to SCO? I doubt it. SCO would go bankrupt before it filed many of these suits anyway.

Where do we go from here? First, ignore any letters from SCO and assure management that there is no risk in using Linux, only advantages. Point out that had there been stolen code in Microsoft code you would have no more protection and still could be sued successfully by whomever owned the code. Read your Microsoft EULA; you give up any right to sue Microsoft for anything. There is such a suit concerning stolen code in a purchased Microsoft product right now in the U.S. courts. The users probably will lose big.

Be grateful for IBM and Red Hat having the courage to fight SCO rather turn tail and run, tossing money to SCO as Hewlett-Packard did. Be thankful to Eric Raymond and others who volunteered their time to analyze this problem and publicize that there is no threat. Be relieved that Linux developers will be even more careful about IP. Be impressed that the Linux community will protect itself and the world against assault by bullies such as SCO and Microsoft. Tell everyone you know that Linux is the most secure, reliable, and cost-effective solution to their problems and help them transition.


Bob Toxen is author of the new book "Real World Linux Security: Intrusion Prevention, Detection, and Recovery, 2/e", the first edition (available in English, Chinese, and Japanese), one of the 162 official developers of Berkeley Unix, and one of the four programmers who first ported Unix to the Silicon Graphics workstation. The book's web site is An interview with Bob is available here.

Bob has his own consulting company specializing in inexpensive Linux solutions for network security, helping clients around the world. These solutions include Firewalls, VPNs, virus and spam filters, backup software, security audits, and security consulting.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th