, SecurityFocus 2000-04-17
Is Open Source really more secure than closed? Elias Levy says there's a little security in obscurity.
Expand all |
Post comment
Netscape developers are weenies!
2000-04-17
Anonymous (2 replies)
Anonymous (2 replies)
Bug *fixes*...?
2000-04-17
Anonymous (2 replies)
Anonymous (2 replies)
Re: bug fixes
2000-04-17
David Terrell <dbt (at) meat (dot) net [email concealed]> (2 replies)
David Terrell <dbt (at) meat (dot) net [email concealed]> (2 replies)
Examine the record...
2000-04-17
Anonymous (1 replies)
Anonymous (1 replies)
Comparing Apache and IIS is wrong
2000-04-17
Anonymous (2 replies)
Anonymous (2 replies)
You've made several critical mistakes in your comment.
2000-04-17
Bruce Perens <bruce (at) perens (dot) com [email concealed]> (3 replies)
Bruce Perens <bruce (at) perens (dot) com [email concealed]> (3 replies)
Sorry about the bad formatting.
2000-04-17
Bruce Perens <bruce (at) perens (dot) com [email concealed]>
Bruce Perens <bruce (at) perens (dot) com [email concealed]>
Thanks for the additional info but...
2000-04-17
Anonymous (1 replies)
Anonymous (1 replies)
Trust-worthyness and ability to spot bugs
2000-04-17
Bruce Perens <bruce (at) perens (dot) com [email concealed]>
Bruce Perens <bruce (at) perens (dot) com [email concealed]>
Skill is always at a premium
2000-04-17
Christopher Petrilli <petrilli (at) amber (dot) org [email concealed]> (1 replies)
Christopher Petrilli <petrilli (at) amber (dot) org [email concealed]> (1 replies)
Who found the sendmail bug?
2000-04-17
Brett <disfunct (at) radiusnet (dot) net [email concealed]> (1 replies)
Brett <disfunct (at) radiusnet (dot) net [email concealed]> (1 replies)
Morris didn't find the Sendmail bug
2000-04-20
Rick Smith <rick_smith (at) securecomputing (dot) com [email concealed]>
Rick Smith <rick_smith (at) securecomputing (dot) com [email concealed]>
to expand on what i said earlier.
2000-04-17
Brett <disfunct (at) radiusnet (dot) net [email concealed]>
Brett <disfunct (at) radiusnet (dot) net [email concealed]>
So what you're saying is that open source software is often as insecure as closed-source software is most of the time.
2000-04-18
Anonymous
Anonymous
Correct the facts and the conclusions stand strong
2000-04-21
Rick Smith <rick_smith (at) securecomputing (dot) com [email concealed]>
Rick Smith <rick_smith (at) securecomputing (dot) com [email concealed]>
Original Bugtraq mailing list description?
2000-04-21
Robert Quinn <rquinn (at) pobox (dot) com [email concealed]>
Robert Quinn <rquinn (at) pobox (dot) com [email concealed]>
How would you respond to the issues like: multiple wu-ftpd vunlerabilities,
userland-nfs mountd vulnerabilities, multiple remote root WU-imapd
vulnerabilities, and other security issues that have plagued linux
distributions for years?
You can pick on his specific examples, but I think his core point is valid.
Open Source is not a panacea for any problem, except user-accessibility
to source. This can make (and Elias says this) Open Source programs
more secure: the OpenBSD project was founded as an audited (and with
crypto added!) fork of NetBSD, which wouldn't have been possible if
NetBSD were closed. But it doesn't make Linux secure. Sure, when a bug
is found, someone posts a patch to bugtraq quickly. But the fact that such
problems are continually found and need patching indicates a problem, not
a selling point.
-David Terrell (dbt (at) meat (dot) net [email concealed])
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/articles/19/1403#1403