Well ... I met a great friend at AppSec USA who already built a secure OS (based on Open Source technology) years ago in a company that failed (i.e. went bust at great personal cost). He is one of the most clever guys I know, and he and his team built (at the time) an OS that powered a very high-profile and targeted website that was NOT compromised.
The only catch is that their previous efforts were done under a 'closed software' platform, and my view is that such a creation needs to be done under an Open Source model. This would allow the code to be peer reviewed and checked. Just like crypto, a secure OS needs to have the highest degree of assurance.
And since we can't really have a 'Secure Website' without a 'Secure OS', I'm sure we will see multiple 'Secure OSes' in the future. My only doubt is whether my friend's creation will be one of them.
So how did I get to the 4 Million USD value?
I started probing my friend on what he wanted to get out of his (and his team's) efforts in building such an OS.
Initially the answer was: 'I want to make money with it',
... but actually what he was saying was: 'We need to make money with the Secure OS so that we can pay experts (like me) to work on it'
... which is another variation of: 'What I want is to be paid to work on it, but I don't think anybody will pay for it unless we build a company around it and charge for its usage'
... which is very compatible with: '... I just want to work on that problem for a couple of years, solve it and move on to the next challenge, and ... so as long as I can pay my bills ... I'm good'
So there you go, all these guys want is to be paid to work on what they are passionate about!
And we know from history that when highly intelligent, motivated, passionate and creative people work on what they love, amazing things happen, big problems are solved and products come to life.
Back to practicalities, this means that what we need to pull this off is:
- Yearly costs:
  - 5 * senior devs at 150k USD each = 750k USD
  - 5 * devs at 50k USD each = 250k USD
  - admin and infrastructure support = 333k USD
- 3 years cost:
  - 3 * 1,333k USD (750 + 250 + 333) = 4,000k USD = 4M USD
So if you know anybody who wants to invest in a secure Operating System, that is open source, and is specifically designed to host Web applications, please ping me and I will put you in touch with the right parties.
Maybe we should do a Kickstarter around this idea? A key advantage is that it would be a great way to create a committed community around the project, especially a community that will be able to test and use the 'Secure OS'.
Trivia question: What is the best proof that an OS is 'really' secure?
Answer: A 'Secure OS' is one that is used by parties who constantly try to hack/compete against each other, i.e. an OS that is used by: NSA, US gov, China gov, Russian gov, Brazilian gov, Facebook, Microsoft, United Nations, Fortune 500, etc... This is similar to the Mutual Assured Destruction concept, since all of the opposing parties will have a vested interest in the underlying security of the base OS (just like today they have in TCP/IP), and any attack executed against an enemy risks sharing the attack vector and allowing exploitation of the attacker's own servers. That said, due to the dangers of monoculture (i.e. one vuln to own them all (which is what we have today)), what I think will happen is: an Open Specification for a 'Secure OS' with multiple implementations.