But in some ways, aren't those Open Source software techniques also assisting Juniper, as JunOS is based in no small part on FreeBSD?
Yes, Juniper is getting an advantage from Open Source, as are hundreds of smaller vendors of routing/switching equipment. I believe it is only a matter of time before Open Source software becomes the de facto standard for everything everywhere. We have already seen that Open Source does not lead to monoculture but does create a competitive environment for operating systems and applications. And we already know that competitive environments are a spur to evolution.
Also, what about DoD Orange Book certification? Can this kind of testing methodology be applied to routing systems as well, such as IOS?
I don't claim to fully understand Orange Book, but it seems to me that one of the essences of Open Source is the process of certification. Of course nowadays this certification is rather haphazard and often amounts to people saying that they published their source and there have been no security flaws discovered for X period of time. But it could be done in a more formal and organized way. If it is reasonable for governments to insist on safety certification for airplanes, child car seats, and medical equipment, then why not routers/switches? To learn more about the Orange Book, look here: http://www.dynamoo.com/orange/
I wonder if infrastructure customers should, or could be getting similar treatment from Cisco in regards to IOS, for them to better protect their customers. (Government would apply here too.)
If you consider the Internet to be a public network which benefits all of society then the question arises: Is it sufficient for a few large private organizations to audit the code in Internet infrastructure devices or should this audit be done by a public agency of some sort? Now that the whole bipartisan environment of the Cold War has disappeared we are more able to experiment with different types of governance structures without being labelled as communist or capitalist. In the corporate world, things like Sarbanes-Oxley have legitimized the concept of a public agency having audit oversight over private businesses. It is not unusual to find corporations accepting board members from strategic customers or providing strategic customers some input into governance of the seemingly private corporation. I think that these types of structures are the essence of free market, non-centrally planned economies and that we should feel free to adopt such structures and experiment with them. The DHS is such a structure and it is evolving as it learns. I think it is only a matter of time before the DHS dips its toes into the auditing of software systems, including Cisco IOS and Microsoft software, because society becomes more and more dependent on these software systems every day.

--Michael Dillon