, SecurityFocus 2000-04-17
Is Open Source really more secure than closed? Elias Levy says there's a little security in obscurity.
Expand all |
Post comment
Netscape developers are weenies!
2000-04-17
Anonymous (2 replies)
Anonymous (2 replies)
Bug *fixes*...?
2000-04-17
Anonymous (2 replies)
Anonymous (2 replies)
Re: bug fixes
2000-04-17
David Terrell <dbt (at) meat (dot) net [email concealed]> (2 replies)
David Terrell <dbt (at) meat (dot) net [email concealed]> (2 replies)
Examine the record...
2000-04-17
Anonymous (1 replies)
Anonymous (1 replies)
Comparing Apache and IIS is wrong
2000-04-17
Anonymous (2 replies)
Anonymous (2 replies)
You've made several critical mistakes in your comment.
2000-04-17
Bruce Perens <bruce (at) perens (dot) com [email concealed]> (3 replies)
Bruce Perens <bruce (at) perens (dot) com [email concealed]> (3 replies)
Sorry about the bad formatting.
2000-04-17
Bruce Perens <bruce (at) perens (dot) com [email concealed]>
Bruce Perens <bruce (at) perens (dot) com [email concealed]>
Re: Bruce Parens' Defense of Open Source
2000-04-17
David Terrell <dbt (at) meat (dot) net [email concealed]> (2 replies)
David Terrell <dbt (at) meat (dot) net [email concealed]> (2 replies)
How to respond to past reports of vulnerability
2000-04-17
Bruce Perens <bruce (at) perens (dot) com [email concealed]> (1 replies)
Bruce Perens <bruce (at) perens (dot) com [email concealed]> (1 replies)
Re: How to respond to past reports of vulnerability
2000-04-18
David Terrell <dbt (at) meat (dot) net [email concealed]> (1 replies)
David Terrell <dbt (at) meat (dot) net [email concealed]> (1 replies)
I don't think you get what he's talking about, Dave...
2000-04-19
Barry Fitzgerald <reaperx1 (at) netscape (dot) net [email concealed]> (1 replies)
Barry Fitzgerald <reaperx1 (at) netscape (dot) net [email concealed]> (1 replies)
Thanks for the additional info but...
2000-04-17
Anonymous (1 replies)
Anonymous (1 replies)
Trust-worthyness and ability to spot bugs
2000-04-17
Bruce Perens <bruce (at) perens (dot) com [email concealed]>
Bruce Perens <bruce (at) perens (dot) com [email concealed]>
Skill is always at a premium
2000-04-17
Christopher Petrilli <petrilli (at) amber (dot) org [email concealed]> (1 replies)
Christopher Petrilli <petrilli (at) amber (dot) org [email concealed]> (1 replies)
Who found the sendmail bug?
2000-04-17
Brett <disfunct (at) radiusnet (dot) net [email concealed]> (1 replies)
Brett <disfunct (at) radiusnet (dot) net [email concealed]> (1 replies)
Morris didn't find the Sendmail bug
2000-04-20
Rick Smith <rick_smith (at) securecomputing (dot) com [email concealed]>
Rick Smith <rick_smith (at) securecomputing (dot) com [email concealed]>
to expand on what i said earlier.
2000-04-17
Brett <disfunct (at) radiusnet (dot) net [email concealed]>
Brett <disfunct (at) radiusnet (dot) net [email concealed]>
So what you're saying is that open source software is often as insecure as closed-source software is most of the time.
2000-04-18
Anonymous
Anonymous
Correct the facts and the conclusions stand strong
2000-04-21
Rick Smith <rick_smith (at) securecomputing (dot) com [email concealed]>
Rick Smith <rick_smith (at) securecomputing (dot) com [email concealed]>
Original Bugtraq mailing list description?
2000-04-21
Robert Quinn <rquinn (at) pobox (dot) com [email concealed]>
Robert Quinn <rquinn (at) pobox (dot) com [email concealed]>
>than closed source software when it comes to security
>vulnerabilities? No. Open Source Software certainly does
>have the potential to be more secure than its closed
>source counterpart.
>But make no mistake, simply being open source is no >guarantee of security.
The text quoted above is the main point of this article, but the title and the examples are somewhat misleading. I agree there is less peer-review than expected with OSS but, it remains _possible_ . This is essential to me. Moreover, OSS has proven to be more reactive to newly discovered flaws. I know there are outsanding bugs still to be fixed but it is all the more true with proprietary software (look at the reactivity of Sun...).
Sure, OSS is not the Almighty Messiah of computer security but I am convinced that it's better than closed-source in most cases. You, security experts, should be a little clearer on this point.
Yes, I know I may not have followed the link to this paper if the title had been somewhat more explicit ...
Anway, thank you for your site (though I find the layout too complex), I use it everyday.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/articles/19/1374#1374