Jason Miller, 2004-09-30
In the age-old battle between open source and closed source operating systems and applications, can either of them really be considered more secure than the other?
Open Source Versus Closed Source Security
2004-10-01
Anonymous
"Should there be a reason to believe that code that comes from a variety of people, unknown from around the world, should be somehow of higher quality than that from people who get paid to do it professionally?" -- Steve Ballmer
-
"Should there be any reason to believe that a relatively small gro...
Open Source Versus Closed Source Security
2004-10-01
Mark Maxey
Nice Article Jason, I've enjoyed your others as well.
I think in order to fairly compare open source software to commercial counterparts it's important to recognize how heavily audited projects are.
For instance, just because a package is open source does not necessarily mean security. The de...
Open Source Versus Closed Source Security
2004-10-04
Coldman
Very nice article, indeed. One comment though: "And in the end, it's always easy to put trust into your own observations, and not someone else's." - this is true if (and only if) one has enough skills and experience to trust his observations, which is not the case for most users :)
...
One Definite Benefit
2004-10-04
SFN (1 replies)
The one area where open source does shine above is resolution of discovered vulnerabilities.
Anyone who has watched any of the major vuln lists for any length of time has seen a vulnerability get announced, verified, examined and patched in less than 24 hours. Has anyone ever seen that happen wi...
One Definite Benefit - What???
2004-10-04
Anon (1 replies)
I believe that Open and closed source software both have their place. I just hate seeing the bloggers spew blatant propaganda about open source when the facts are easily found online.
On March 19th, 2004 a review of vulnerabilities was done by Forrester Research which shows security comparisons o...
One Definite Benefit - What???
2004-10-05
Anonymous (2 replies)
It's obvious that you're biased towards Windows. That's okay, but the study you cite is almost comparing apples to oranges. With Linux, you get the OS plus all of the applications, and the distribution vendor ships bug fixes for everything. With Windows, you get the OS plus a few apps, and Microsoft...
One Definite Benefit - What???
2004-10-06
Anonymous
Agreed. One only has to compare Firefox (Mozilla) and IE to give you an idea of how long vulnerabilities are solved.
On a side note, MS doesn't fix some of their issues, they choose to avoid it by turning off those features. But I suppose they're trying.
Whoever stated that MS source, please ...
One Definite Benefit - What???
2004-10-06
Anonymous
If you read it thoroughly you would see they specified all publicly known exploits that popped up during their report. They weren't considering any that were already out, just the ones that popped up during their investigation. It just proves that there is no real advantage over open source or closed ...
Open Source Versus Closed Source Security
2004-10-05
Paul Kosinski (1 replies)
An OS is like a government. An open form of government (OS) controllable by the citizens (users) is usually preferable to a closed one, no matter how competent or efficient the rulers (developers) are....
Open Source Versus Closed Source Security
2004-10-05
Anonymous (1 replies)
Only if all the citizens are developers. Most users don't know anything about programming, so whether or not they can see the code doesn't matter to them. They just want something that works....
Vendor trust; 'Security by Obscurity'
2004-10-06
Anonymous
I think the article commented that (in effect) 'a process I can see is better because otherwise I have to trust the vendor'. I think an important addition to this is the concept of liability. If a vendor is liable for failures in its products, you don't really have to trust it to 'do the right thi...
Open Source Versus Closed Source Security
2004-10-07
Serious Sam (1 replies)
Here's the way I see it. Knowing how an OS works should not give a potential attacker any benefits. The only way that seeing code would allow an exploit to be crafted is if there is a coding or logic error. Therefore, having a vastly larger group of auditors (as exists with open source OS's) make...
Open Source Versus Closed Source Security
2004-10-08
gmr
Yes, but what guarantee is there that larger will always equal better? Isn't it possible to have a smaller but more focused and better-qualified group that outperforms a larger but less focused group? That was more the point I was making - that trade-offs are potentially involved. I'm not saying t...
Open Source Versus Closed Source Security
2004-10-11
ArjunBalaji
How OpenSource makes a difference here is the "visibility" of it by nature to the broader internet (OSDN) community.
Due to the vast contribution from a bunch of real geeky developers, OpenSource really stands high. Also in my past experience any new vulnerabilities found in OpenSource software have b...

Let me help you get the article done a little quicker and cover the topic completely.
Here are the 8 Principles of Good Design:
1. Least Privilege
2. Separation of Privilege (more than 1 key)
3. *** Open Design ***
4. Complete Mediation
5. Fail Safe Defaults
6. Least Common Mechanis...