potential security issues with embedded systems?

[Kyle Barger <kbarger () LTSP EDU>]

The recent story about Diebold teller machines being hit by the Nachi worm
started me thinking.  In the past few months I've seen demonstrations of a
PBX system and of a "one card" debitcard/building access system that were
both based on Windows.

We all know what we've had to deal with in terms of security issues for
Windows as a server and desktop OS.  What has the track record been for
embedded systems that use Windows?  Is this enough of a concern to take
such products out of the running for future consideration?  What about
other operating systems?  If I buy a firewall appliance that's built on
Linux, should I worry about how fast the vendor will be releasing firmware
upgrades to handle Linux security issues that crop up?

Any experiences or thoughts are appreciated.
--
Kyle Barger        Manager of Computing & Telecom Services
kbarger () ltsp edu   The Lutheran Theological Seminary at Philadelphia

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.