Comment Re:Doesn't really make sense to me (Score 3, Interesting) 228
Imagine a government with access to a complex OS source code. Then imagine that they get data on all manner of security holes as they are discovered. Imagine also that this government has access to OS security update certifications. Finally, imagine that this same government has the ability to hack into server DNS tables to route targeted users to their alternative 'security updates'.
The penetration of any software company by undercover government operatives would hardly be surprising, but entirely unnecessary. Microsoft would hardly be alone as a target of such espionage -- every software company would be vulnerable, including OSS. There is also the issue with 'backdoors' hard-wired into computer hardware, including especially telecom systems. IIRC, this became an issue recently with news of backdoors alleged to exist in VLSI circuits manufactured in China. Older news alleged that Israel also puts backdoors into the telecom hardware they sell & ship, including to the USA government.
If virtually every government does such spying, including upon their own citizens, and any number of software & hardware companies do the same with their customers, any cautious user of such technology should be aware of the potential security breaches they expose themselves to every time they connect to the internet, or open their front door for that matter. Redundancy & breadth of security beats security through obscurity any day.
The phrases of the day are, "Trust no one", "Security in depth", and "If it can't be accessed remotely, it's more secure & less vulnerable". At that point, physical security & Tempest-hardening secure your valuable data. The rhetorical question is, "How valuable is your data if you cannot readily access it?" I found it humorous that the USA government recently wanted reporters to write their news stories on government-supplied computers, if only to avoid unwanted data leaks & stop potential whistleblowers in their tracks.
Trust the USA government, or any government, or any corporation with an agenda? Why take that risk unmitigated? And who in Hades would put vulnerable sensitive SCADA systems in close proximity to the Internet except an idiot?