Wide Open Source

Wide Open Source
Elias Levy, SecurityFocus 2000-04-17

Is Open Source really more secure than closed? Elias Levy says there's a little security in obscurity.

Expand all | Post comment

Netscape developers are weenies! 2000-04-17
Anonymous (2 replies)

Netscape developers are weenies! 2000-04-17
Anonymous (1 replies)

haha... 2000-04-18
Anonymous

Ever hear of SourceSafe? 2000-04-17
Anonymous (3 replies)

MS vs. Linux 2000-04-17
Anonymous (1 replies)

Like most MS products 2000-04-17
Anonymous

MS has SourceSafe (hehe) 2000-04-17
Anonymous

SourceSafe Rocks 2000-04-17
Anonymous

Re: Is Open Source really more secure than closed? 2000-04-17
Anonymous

Please emphasize your conclusion 2000-04-17
Anonymous

Bug *fixes*...? 2000-04-17
Anonymous (2 replies)

Re: bug fixes 2000-04-17
David Terrell <dbt (at) meat (dot) net [email concealed]> (2 replies)

This is silly.

Do you expect users to troll for bug fixes daily? Do you think RedHat

releases security advisories as fast as patches are posted to bugtraq?

And this ignores the number of people who don't even know that

security problems with Linux exist, because they've been brainwashed

by Linux bigots into not thinking it's a problem.

_And_ those bugs are only fixed AFTER the problem has become

commonly known. You wouldn't believe how long attacks like the

NFS mountd remote root overflow circulated in underground circles

before it was publicly acknowledged (on bugtraq) and fixed.

This isn't to say that "Open Source" doesn't work. Go read the OpenBSD

errata pages and look for the last remote root overflow.

Without strong, proactive security auditing, users are at risk ever day.

- David Terrell (dbt (at) meat (dot) net [email concealed])

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/19/1406#1406

What? 2000-04-17
Anonymous

a bit reactionary, eh? 2000-04-18
Anonymous (1 replies)

potentialities and realities 2000-04-18
David Terrell <dbt (at) meat (dot) net [email concealed]>

Latest MS bug fixed same day 2000-04-18
Anonymous (1 replies)

Good response, MS 2000-04-19
Anonymous

Wide Open Source 2000-04-17
Anonymous

Open Source Security 2000-04-17
Anonymous

You forgot one thing: 2000-04-17
Anonymous

But you ignore the obvious 2000-04-17
Anonymous

Auditing of compiled code not much harder ... 2000-04-17
Anonymous (1 replies)

Forget about strcpy() 2000-04-17
Anonymous

good analysis... 2000-04-17
Anonymous

Examine the record... 2000-04-17
Anonymous (1 replies)

Comparing Apache and IIS is wrong 2000-04-17
Anonymous (2 replies)

crap load along with Apache. 2000-04-17
Anonymous

Comparison of Apache and IIS is Dead On 2000-04-17
Anonymous (1 replies)

Right, no one really wants all those features... 2000-04-21
Anonymous

Path of the weak 2000-04-17
Anonymous

You've made several critical mistakes in your comment. 2000-04-17
Bruce Perens <bruce (at) perens (dot) com [email concealed]> (3 replies)

Sorry about the bad formatting. 2000-04-17
Bruce Perens <bruce (at) perens (dot) com [email concealed]>

Re: Bruce Parens' Defense of Open Source 2000-04-17
David Terrell <dbt (at) meat (dot) net [email concealed]> (2 replies)

How to respond to past reports of vulnerability 2000-04-17
Bruce Perens <bruce (at) perens (dot) com [email concealed]> (1 replies)

Re: How to respond to past reports of vulnerability 2000-04-18
David Terrell <dbt (at) meat (dot) net [email concealed]> (1 replies)

I don't think you get what he's talking about, Dave... 2000-04-19
Barry Fitzgerald <reaperx1 (at) netscape (dot) net [email concealed]> (1 replies)

I don't think you get what he's talking about, Dave... 2000-05-05
Anonymous

Indeed there are a lot of bugs 2000-04-18
Anonymous

Thanks for the additional info but... 2000-04-17
Anonymous (1 replies)

Trust-worthyness and ability to spot bugs 2000-04-17
Bruce Perens <bruce (at) perens (dot) com [email concealed]>

Open source is not written by 1 person. 2000-04-17
Anonymous

Skill is always at a premium 2000-04-17
Christopher Petrilli <petrilli (at) amber (dot) org [email concealed]> (1 replies)

Rigorous methodology 2000-04-17
Anonymous

Blackhat? 2000-04-17
batz <batsy (at) vapour (dot) net [email concealed]> (1 replies)

semantics 2000-04-17
Ryan Russell <ryan (at) securityfocus (dot) com [email concealed]>

Some good points... 2000-04-17
Anonymous

Open source as a democracy 2000-04-17
Anonymous (1 replies)

Politics are irrelevant 2000-04-17
Anonymous

This isn't OSS vs. CSS 2000-04-17
Anonymous

Finding holes in closed source isn't hard... 2000-04-17
Anonymous

bugs? yeah. fixes? right away 2000-04-17
Anonymous

Apples and Oranges 2000-04-17
Anonymous (2 replies)

re: Apples and Oranges 2000-04-17
Anonymous

NSA/Linux 2000-04-20
Anonymous

Blackhat, whitehat, whatever. 2000-04-17
Anonymous

Who found the sendmail bug? 2000-04-17
Brett <disfunct (at) radiusnet (dot) net [email concealed]> (1 replies)

Morris didn't find the Sendmail bug 2000-04-20
Rick Smith <rick_smith (at) securecomputing (dot) com [email concealed]>

to expand on what i said earlier. 2000-04-17
Brett <disfunct (at) radiusnet (dot) net [email concealed]>

Attitudes 2000-04-17
Anonymous

Rates of evolution 2000-04-17
Anonymous

just a few little things... 2000-04-17
Anonymous

a quick Summary and rant 2000-04-17
Anonymous

OSS vs closed 2000-04-17
Anonymous

Banks, The NSA, and US companies. 2000-04-18
Anonymous

Open source is not secure ONLY because it's open 2000-04-18
Anonymous (1 replies)

Open Source has nothing to do with security 2000-04-21
Anonymous

So what you're saying is that open source software is often as insecure as closed-source software is most of the time. 2000-04-18
Anonymous

Open source? Use real examples! 2000-04-18
Anonymous

Come on 2000-04-18
Anonymous

Correct the facts and the conclusions stand strong 2000-04-21
Rick Smith <rick_smith (at) securecomputing (dot) com [email concealed]>

Original Bugtraq mailing list description? 2000-04-21
Robert Quinn <rquinn (at) pobox (dot) com [email concealed]>

There's more to security than fixing bugs... 2000-05-17
Anonymous