Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Wide Open Source
Elias Levy, SecurityFocus 2000-04-17

Is Open Source really more secure than closed? Elias Levy says there's a little security in obscurity.

Comments Mode:
Netscape developers are weenies! 2000-04-17
Anonymous (2 replies)
Netscape developers are weenies! 2000-04-17
Anonymous (1 replies)
haha... 2000-04-18
Anonymous
Ever hear of SourceSafe? 2000-04-17
Anonymous (3 replies)
MS vs. Linux 2000-04-17
Anonymous (1 replies)
Like most MS products 2000-04-17
Anonymous
MS has SourceSafe (hehe) 2000-04-17
Anonymous
SourceSafe Rocks 2000-04-17
Anonymous
Re: Is Open Source really more secure than closed? 2000-04-17
Anonymous
Please emphasize your conclusion 2000-04-17
Anonymous
Bug *fixes*...? 2000-04-17
Anonymous (2 replies)
Re: bug fixes 2000-04-17
David Terrell <dbt (at) meat (dot) net [email concealed]> (2 replies)
What? 2000-04-17
Anonymous
a bit reactionary, eh? 2000-04-18
Anonymous (1 replies)
potentialities and realities 2000-04-18
David Terrell <dbt (at) meat (dot) net [email concealed]>
Latest MS bug fixed same day 2000-04-18
Anonymous (1 replies)
Good response, MS 2000-04-19
Anonymous
Wide Open Source 2000-04-17
Anonymous
Open Source Security 2000-04-17
Anonymous
You forgot one thing: 2000-04-17
Anonymous
But you ignore the obvious 2000-04-17
Anonymous
Auditing of compiled code not much harder ... 2000-04-17
Anonymous (1 replies)
Forget about strcpy() 2000-04-17
Anonymous
good analysis... 2000-04-17
Anonymous
Examine the record... 2000-04-17
Anonymous (1 replies)
Comparing Apache and IIS is wrong 2000-04-17
Anonymous (2 replies)
crap load along with Apache. 2000-04-17
Anonymous
Comparison of Apache and IIS is Dead On 2000-04-17
Anonymous (1 replies)
Right, no one really wants all those features... 2000-04-21
Anonymous
Path of the weak 2000-04-17
Anonymous
You've made several critical mistakes in your comment. 2000-04-17
Bruce Perens <bruce (at) perens (dot) com [email concealed]> (3 replies)
Sorry about the bad formatting. 2000-04-17
Bruce Perens <bruce (at) perens (dot) com [email concealed]>
Re: Bruce Parens' Defense of Open Source 2000-04-17
David Terrell <dbt (at) meat (dot) net [email concealed]> (2 replies)
How to respond to past reports of vulnerability 2000-04-17
Bruce Perens <bruce (at) perens (dot) com [email concealed]> (1 replies)
The bottom line is, are there more such vulnerabilities in current Open Source software, or in the current Microsoft product? Sure, there have been multiple vulnerabilities with wu-ftpd. We've learned a lot about security during that time, and we even have a "stackguard" compiler now. We still don't know what vulnerabilities exist in closed-source FTP servers.<p>

For me the whole point of having a Linux area on SecurityFocus is that we can get a measure of how Linux is holding up next to Windows. We should be measuring it as it performs today, rather than blaming the Morris worm on Open Source!<p>

Thanks<p>

<i>Bruce</i>

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/19/1411#1411
Re: How to respond to past reports of vulnerability 2000-04-18
David Terrell <dbt (at) meat (dot) net [email concealed]> (1 replies)
I don't think you get what he's talking about, Dave... 2000-04-19
Barry Fitzgerald <reaperx1 (at) netscape (dot) net [email concealed]> (1 replies)
I don't think you get what he's talking about, Dave... 2000-05-05
Anonymous
Indeed there are a lot of bugs 2000-04-18
Anonymous
Thanks for the additional info but... 2000-04-17
Anonymous (1 replies)
Trust-worthyness and ability to spot bugs 2000-04-17
Bruce Perens <bruce (at) perens (dot) com [email concealed]>
Open source is not written by 1 person. 2000-04-17
Anonymous
Skill is always at a premium 2000-04-17
Christopher Petrilli <petrilli (at) amber (dot) org [email concealed]> (1 replies)
Rigorous methodology 2000-04-17
Anonymous
Blackhat? 2000-04-17
batz <batsy (at) vapour (dot) net [email concealed]> (1 replies)
semantics 2000-04-17
Ryan Russell <ryan (at) securityfocus (dot) com [email concealed]>
Some good points... 2000-04-17
Anonymous
Open source as a democracy 2000-04-17
Anonymous (1 replies)
Politics are irrelevant 2000-04-17
Anonymous
This isn't OSS vs. CSS 2000-04-17
Anonymous
Finding holes in closed source isn't hard... 2000-04-17
Anonymous
bugs? yeah. fixes? right away 2000-04-17
Anonymous
Apples and Oranges 2000-04-17
Anonymous (2 replies)
re: Apples and Oranges 2000-04-17
Anonymous
NSA/Linux 2000-04-20
Anonymous
Blackhat, whitehat, whatever. 2000-04-17
Anonymous
Who found the sendmail bug? 2000-04-17
Brett <disfunct (at) radiusnet (dot) net [email concealed]> (1 replies)
Morris didn't find the Sendmail bug 2000-04-20
Rick Smith <rick_smith (at) securecomputing (dot) com [email concealed]>
to expand on what i said earlier. 2000-04-17
Brett <disfunct (at) radiusnet (dot) net [email concealed]>
Attitudes 2000-04-17
Anonymous
Rates of evolution 2000-04-17
Anonymous
just a few little things... 2000-04-17
Anonymous
a quick Summary and rant 2000-04-17
Anonymous
OSS vs closed 2000-04-17
Anonymous
Banks, The NSA, and US companies. 2000-04-18
Anonymous
Open source is not secure ONLY because it's open 2000-04-18
Anonymous (1 replies)
Open Source has nothing to do with security 2000-04-21
Anonymous
So what you're saying is that open source software is often as insecure as closed-source software is most of the time. 2000-04-18
Anonymous
Open source? Use real examples! 2000-04-18
Anonymous
Come on 2000-04-18
Anonymous
Correct the facts and the conclusions stand strong 2000-04-21
Rick Smith <rick_smith (at) securecomputing (dot) com [email concealed]>
Original Bugtraq mailing list description? 2000-04-21
Robert Quinn <rquinn (at) pobox (dot) com [email concealed]>
There's more to security than fixing bugs... 2000-05-17
Anonymous







 

Privacy Statement
Copyright 2009, SecurityFocus