Orangecrate is pleased to announce an interview with Dave Wreski, the founder and CEO of Guardian Digital the distributor for EnGarde Linux, a secure Linux distribution. Dave is also known for writing the Linux Security HOWTO, and has just launched the new website LinuxSecurity.com last week. I was thrilled to be able to interview Dave, after all, I have been reading his work for some time, and I do owe him for the pioneering security efforts. I hope that the interview helps you come to understand the man and his company a little better, as his reputation does precede him. I also wish to thank Nicole Pearson and Dave for helping me make this interview possible, I do appreciate your time. ;)
(Submitted by Chuck Talk Thu Dec 9, 2004 )
| ||Chuck Talk: Dave, can you start by telling us how you came to Guardian Digital, and specifically what led you to building secure Linux and open source tools?
Dave Wreski: I started Guardian Digital in early 1999 after a long period of having worked with Unix and Linux systems, and found how much superior it was at solving critical business problems with regards to security than the alternatives. While really still in its infancy then, the potential to build a system much more cost-effectively, and securely, than using commercial products, made it very attractive.
Chuck Talk: When did Guardian Digital begin operations, and what open source projects does Guardian Digital contribute to that set it apart as a distributor to the community?
Dave Wreski: Everything Guardian Digital does is open source and makes it back into the open source community at-large. EnGarde Secure Linux, our flagship product, provides the ability for organization's to quickly and securely build a complete online presence, without requiring a significant of knowledge in managing the ongoing security of the system.
Chuck Talk: Are Guardian Digital projects certified under the Linux Standard Base (LSB)?
Dave Wreski: To a large extent, yes, but primarily due to logistics, has not gone through their certification process. It uses standard libraries one would expect to see, common package management formats, and enables an administrator to easily install their own software without compatibility concerns.
Chuck Talk: Is Guardian Digital more of a server set of tools, or do you foresee moving into the secure workstation space at some point in the future?
Dave Wreski: We're a server company. There are no plans to develop a desktop or workstation suite of applications at this time. Security is all about tradeoffs -- for us to be satisfied with the level of security we'd like to achieve, a workstation would have to be dedicated to a particular purpose.
Chuck Talk: Might Guardian Digital consider applying for Common Criteria Certification for your set of tools, or do you foresee your business model being aimed at the Business Market versus Government?
Dave Wreski: We are actively pursuing CC and other high-security forms of certification, but have no announcement to make at this time.
Chuck Talk: When a business buys from Guardian Digital, are they also buying support simultaneously (perhaps even maintenance)?
Dave Wreski: Yes, that's correct. Security is an ongoing process, and our customers need consistent and reliable services to maintain that security.
Chuck Talk: How does Guardian Digital obtain, contribute to, and apply security patches to your set of tools? Do you provide online updates and patches to your tools?
Dave Wreski: Yes, our Guardian Digital Secure Network provides an intuitive means for administrators to always ensure their systems are as current as possible. Guardian Digital engineers are tasked with following current security trends, investigating and testing potential weaknesses, and applying countermeasures necessary to ensure the integrity of the system.
Chuck Talk: What do you consider to be the number one success story for your company?
Dave Wreski: It would have to be the way in which we have managed to leverage open source as a business model, work with developers across the world and around-the-clock to achieve the perfect balance between ease-of-management and security of our products.
Chuck Talk: What is the number one priority for your product roadmap over the next year? Is there a drive to include new tools, better reporting capabilities, or easier security management?
Dave Wreski: We're continuing to focus on products and services that are crucial to conducting business on the Internet today. Certainly the features you mention are important, and we'll continue the same innovative design and development of secure products using open source that makes Guardian Digital so great.
Chuck Talk: As always, I want to give you the last word, and so I will say thank you for your time, and ask you this question: Where do you foresee you company in the next five years? I know that's a tough question, but sometimes it helps to think ahead. ;)
Dave Wreski: That really is a difficult question. We of course know where we want to be, and we're moving along schedule, but I prefer to be more pragmatic, and leave the lofty ideals for others :-)
I can say that we regularly incorporate the latest developments from both Guardian Digital and the open source community into EnGarde Secure Linux, and expect that will continue to drive the standard in secure open source computing well into the future.
Chuck Talk: Thanks again Dave and Nicole, I wish you all the best, and know that you will continue to succeed. I also want to point out to my audience that they should visit LinuxSecurity.com and Guardian Digital, where you can find out about the server tools, hardware and latest Linux security news.