Government and corporate IT security officers are increasingly concerned with the vulnerabilities of their systems to malicious code, while their legal staffs often find it difficult to maneuver among the various software licensing models.
While open source software has strong productivity benefits, running installers and executables that were downloaded from the internet could result in the unintentional introduction of malicious code. The sites that distribute this software are often hosted overseas or administered by hard-working but part-time volunteers, who are more concerned with availability than with security. While site maintainers do their best to provide source code along with the executables, and to provide MD5 or other checksums, few IT professionals have the time to recompile applications from source or to verify MD5 checksums on downloaded components. This leaves them vulnerable to man-in-the-middle attacks while downloading, to malicious code inserted into the executable after it was uploaded to the web site -- or even to malware introduced by malicious site maintainers.
To alleviate these problems, Patriot Computing downloads every product from the internet in source code form, avoiding the executables and installers that are often bundled for convenience, and extracts only the source code onto CDs or DVDs, which are inspected and then transferred by hand to Patriot Computing production machines. These production machines are standalone machines or clusters of 2-3 machines that are not connected to any other network, in order to minimize the risk of compromise or infection. Our products are then compiled from source, bundled with Patriot Computing installers, written to CD or DVD, and shipped directly to customers. Avoiding internet distribution frees customers from the need to worry about man-in-the-middle attacks or verifying checksums, and enables the products to be readily installed on corporate intranets or other systems not connected to the internet. Unlike applications downloaded from the internet, we guarantee that the compiled libraries and executables that you receive contain precisely the compiled source code that we include on the disk -- no more and no less. This level of transparency ensures that you will know exactly what your programs and libraries are doing.