Linus Torvalds: Don't glorify the security "monkeys"

Leave it to Linus Torvalds, founder of the Linux kernel, to speak his mind. While many point to Linux as superior to Windows as offering superior security, Torvalds doesn't want anyone to make a fetish of security, including the OpenBSD people to whom he addresses this classic missive:

...[O]ne reason I refuse to bother with the whole security circus is that I think it glorifies - and thus encourages - the wrong behavior.

It makes "heroes" out of security people, as if the people who don't just fix normal bugs aren't as important.

In fact, all the boring normal bugs are way more important....Security people are often the black-and-white kind of people that I can't stand. I think the OpenBSD crowd is a bunch of [self-stimulating] monkeys....

I agree. Well, it's not that I have anything against the OpenBSD developers, or against anyone that makes security their job, but rather that I personally think computing has much bigger problems than code-level security. We've seen that human error (like lost laptops) leads to widespread security vulnerabilities that no amount of development can fix.

If I had to choose between a better UI for Linux and better security for Linux, I'd take the former every time. Users can improve poorly secured software by improving only behavior, but not if they won't use the software in the first place.

If regular bug fixing and security bug fixing are equally important then why are the security guys branded as "monkeys"?? Come on.. Is name calling really going to achieve anything?? As for wanting a better Linux UI, so say all of us but what good is it if the underlying OS isn't properly defended? Security isn't just about stopping "your" computer from getting infected. It's also about stopping "your" computer from being hijacked to spam others, it's about protecting identities, intellectual property and customer data. More than half the spam we have to deal with is generated by PCs infected with bot-net code. There's huge costs associated with all this. I think good security contributes more to the overall good of computing than a nice desktop ever will.

[MSSlayer]

Your comments are based on the misguided assumption that security exploits require user intervention. Some do, most don't.

[M C]

Matt, considering CNet's position on quickly posting any security-company PR release that comes through their door, you might not find a lot of agreement from your co-workers.

Or more succinctly, CNet <3's "security monkeys."

[bousozoku]

Linus shouldn't open his mouth or type because he always puts his foot in it.

I suppose he has no way of having his information used against him, so he's not concerned about security.

The OpenBSD people do an amazing job, without exemption, and he should have praise for them instead of scorn.