LinuxInsider Talkback
Open source software -- it's fast, it's popular, it's practical, and, best of all, it's free. Chances are you're using some of it somewhere in your enterprise; in fact, you're probably using it in multiple places. One of the most frequent questions security professionals get asked is how open source software compares to its commercial counterparts from a security perspective. There are a number of well-respected individuals arguing on both sides of the "open source security" fence.
Posted by: teotwawki 2007-04-27 02:18:04 In reply to: Ed Moyle
Accountability:
A line of open source code has an identifiable author who feels pride or shame.
The individual coders of a proprietary vendor have no personal accountability and therefore arguably less care in their work.
Release early:
Even if a new open source patch is released every day, an administrator still has the choice to only review/apply them once a month if so desired.
A proprietary vendor never gives the administrator the option of applying a fix as soon as possible, nor even of knowing about the vulnerability.
Posted by: stanner56 2007-04-26 06:42:07 In reply to: Ed Moyle
The missing piece in this whole argument is the system design.
?nix systems have always had security. It was included in the earliest designs by Ken Thompson and continues today.
Like it or not, OS-2 and all versions of Windows have their roots in MS-DOS, which had no security. The security efforts in Windows are an add-on to the original DOS designs.
Though it may be improved, Vista's security is still, at its base level, an add-on to the original DOS designs. It can be no other way if the intent/requirement is to maintain some portion of compatibility with existing (legacy) applications.
Speaking as a programmer with 30+ years' experience, an MCSE and a Unix professor at a local college, if Microsoft or anyone else redesigned Windows from the ground up, any backward compatibility with legacy applications would be lost. Many security companies would be out of business. Fewer network professionals would be needed. In short, the design would resemble, if not match, Ken Thompson's original designs.
It seems to me that the marketing boys and girls have taken lessons from stage magicians. Look to your left while my assistant hides the facts on your right.

