[maemo-developers] Security Guidance for N800 OS development

From: Dave Cridland dave at cridland.net
Date: Mon Feb 19 23:00:18 EET 2007
On Mon Feb 19 20:40:41 2007, Acadia Secure Networks wrote:
> Dave,
> if you think of the N800 simply as an entertainment device then 
> security is not a significant issue.
Hmmm... I only recently realized some people do consider it an 
entertainment device.

> However, if and when users start to use this device to store 
> important and sensitive info whether related to business or 
> personal use then OS and application security, and especially the 
> latter has to be properly addressed. It does not matter that the 
> LInux kernel is very secure because once applications/add-ons  (or 
> whatever you want to call them ) which use a protocol stack to get 
> access to the Internet, then there is a risk that misbehavior of 
> such apps can result in a vulnerability, especially if the app 
> inadvertently breaks code.

Right, that's a reasonable stance, but I don't see where Nokia step 
in - there's already a huge amount of literature on writing secure 
programs on Linux, and UNIX in general.

If you're running network daemons on the device, you deserve 
everything you get, of course, but even then, there's plenty of 
documents and guides.

Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at jabber.org
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade

More information about the maemo-developers mailing list