ZDNet – Torvalds explains why he gets angry with security people.
Developers are often accused of not thinking about security, but Linux kernel founder Linus Torvalds has had enough of security people who don’t think about developers and end-users.
After blasting some kernel developers last week for killing processes in the name of hardening the kernel, Torvalds has offered a more measured explanation for his frustration with security myopia.
While he agrees that having multiple layers of security in the kernel is a good idea, certain ways of implementing it are not, in particular if it annoys users and developers by killing processes that break users’ machines and wreck core kernel code. Because ultimately, if there are no users, there’s not much point in having a supremely secure kernel, Torvalds contends.
“‘Do no harm’ should be your mantra for any new hardening work,” Torvalds instructed security developers, reminding them to see the bigger picture.