A news item just out reported that the US NSA has just released a "security-enhanced" version of Linux as a means of demonstrating capabilities and encouraging this kind of work in the open-source community. See http://www.idg.net/go.cgi?id=393954 and http://nsa.gov/selinux/index.html . Maybe they would like to get away from dependence on Microsoft!

Incidentally, because of it's role in assembling a distribution and, potentially, verifying signatures on software components, etc., I'd think that "security assurance" is naturally something that a distributor like SuSE might undertake as a way of distinguishing its product. Thus, the work of verifying the authenticity of source components, re-compiling them, etc., is done once for all. Comments?