GreenHills, foreigners, and the gummi bear threat

When GreenHills launched their anti-Linux offensive, they crossed a line – and I doubt they even knew it. To cast doubt on the value of Linux in critical applications, GreenHills tried to create a scare about the nationality and “loyalty” of engineers working on Linux. This is stupid on three levels. First, software security is an engineering property, not something passed on like a, a, well, a virus. There are established methods for vetting security, by test, by inspection of the design, and by inspection of the design process – none of these involves the visa status of the developers. Second, software is the flagship international product and has been since that Hungarian fellow von Neumann was working in Princeton. Maybe things look different in Santa Barbara, but in the rest of the world, software development is something that discriminates on the basis of talent and work and not anything else. Finally, it’s absurd to think that software companies can vett their employees better than government security agencies and we know that those agencies can employ people who work for the other side for years. Does Dan O’Dowd stalk around the GreenHills office looking for subtle signs of disloyalty and contraband? I tried to do that here, but other than Matt’s bag of gummi-bears, I saw nothing life threatening. Xenophobia is a poor substitute for solid engineering and it is a more real danger than hypothetical undercover programmers putting trojan horses into unsuspecting software.