[gkgicccj]

What is? And do you have an OS that you are comfortable calling "secure"? Remember security through obscurity as enjoyed by Mac and Linux doesn't apply here because there is actual money and hence incentive to find vulnerability at stake.

[speleding]

It should be much easier to secure a small OS targeted at the job at hand rather than a general purpose OS that supports everything from mouse drivers to webcams which gives it a huge attack surface.

[dannypgh]

I don't think I've heard anyone make that Linux relies on security through obscurity in at least 15 years or so. Linux pretty much won in the server market, and if you consider the volume of e-commerce transactions by the big players on Linux alone... ATMs seem like the small stuff in comparison.

[toomanybeersies]

I would argue that any embedded OS (e.g. FreeRTOS) would probably be more appropriate.

You don't need a fully featured OS, with the massive attack surface that it provides.

[kuschku]

seL4? Other microkernels optimized for secure use cases?

If you wish, you can put the actual UI in a separate chip, with more modern hardware, handling rendering and input.

But please, do not run the control logic for the ATM on a desktop OS

[JohnStrangeII]

VMS or Symbolics GENERA. Security by obscurity works.

[behringer]

Linux employs security by obscurity now?