Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Microsoft: Closed source is more secure
Kevin Poulsen, SecurityFocus 2001-04-12

Redmond's security response chief warns the RSA Conference of the perils of open source.

Comments Mode:
Security under MS products VS. Linux, *BSD 2001-04-12
giard.pascal (at) teccart.qc (dot) ca [email concealed]
Now I know 2001-04-12
Anonymous
Crock of sh*t... 2001-04-12
Jim Powers
wow, that's a lot of spin 2001-04-13
wiggum
OpenBSD 2001-04-13
Carl Thomas
MS - Lipner Comments 2001-04-13
Nilanjan Chaks
RE: Microsoft: Closed source is more secure 2001-04-13
Kimico Myers
opensource less secure? 2001-04-13
osiris
Microsoft should get a clue. 2001-04-13
Reaperx1
He's low on credibility 2001-04-13
Ajay Shah
I don´t a gree that Open Source Software is "Boring and Expensive" 2001-04-13
Manuel
Wha?? 2001-04-13
bleezer (at) plz (dot) com [email concealed]
FUD 2001-04-13
x3co
Closed source more secure? Really? 2001-04-13
counter_counterinsurgency (at) nospam.hotmail (dot) com [email concealed]
Is Microsoft code more secure than open alternatives? 2001-04-13
Larry Fahnoe <fahnoe (at) FahnoeTech (dot) com [email concealed]>
Mr Lipner states that Microsoft has extensive software testing devoted to security issues, and that

because such testing is both boring and expensive it is not likely to be done well outside of the

commercial software development environment. Fine, I'm pleased to hear that Microsoft conducts

tests, but the question of whose code is more secure is still yet to be answered. The empirical

answer is found by simply comparing the incidence and severity of security flaws in Microsoft code

with that of other open alternatives. A casual following of the various security reports reveals a

large number of fairly basic flaws in Microsoft products, flaws that should have been caught in both

the design and security review phases. All software has bugs, but I do not think it is fair for

Microsoft to hold its model up as better than others when they stumble over the same pitfalls. It is

interesting to consider just how much Microsoft spends on such testing when the result is seldom

better than that of "free" software.

--Larry

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/191/5274#5274
Open Souce security 2001-04-13
Charles E. Hill
Microsoft: Closed source is more secure FSVO secure 2001-04-13
Shmuel (Seymour J.) Metz <shmuel (at) acm (dot) org [email concealed]> (2 replies)
Closed source burdened by "boring, expensive" QA 2001-04-16
counter_counterinsurgency (at) nospam.hotmail (dot) com [email concealed]
Microsoft: Closed source is more secure FSVO secure 2001-04-17
bassethound2 (at) yahoo (dot) com [email concealed]
Amazing who __finds__ the holes in Windows 2001-04-13
Will
Going through the motions != Security 2001-04-13
topeka (at) catchen (dot) org [email concealed]
Closed source software is secure 2001-04-13
soumyac (at) bigfoot (dot) com [email concealed]
An observation 2001-04-13
Harry G
Which explains why... 2001-04-13
Con Zymaris, CEO Cybersource Pty. Ltd. Australia
MS product line the best proof against Steve Lipner's arguments. 2001-04-14
SM
nobody buys ms argument 2001-04-16
j lock <jlock (at) compooter (dot) net [email concealed]>
So lipner finds security boring, huh? 2001-04-16
KSAJ
Open vs. closed not necessarily it.... 2001-04-16
abostaph (at) usa (dot) net [email concealed] (1 replies)
Open vs. closed not necessarily it.... 2001-04-16
Microsoft Defender (2 replies)
Open vs. closed not necessarily it.... 2001-04-18
Draconis
Open vs. closed not necessarily it.... 2001-04-18
abostaph (at) usa (dot) net [email concealed] (1 replies)
Open vs. closed not necessarily it.... 2001-04-18
M$ Defender
I hope Mr Lipner reads this 2001-04-17
dirge
Security Vulnerability Open Source vs Closed Source 2001-04-17
Rod <snaketails (at) optushome.com (dot) au [email concealed]>
who gets cracked more? 2001-04-18
TauRine (1 replies)
who gets cracked more? 2001-04-18
M$ Defender (3 replies)
who gets cracked more? 2001-04-18
brian (1 replies)
who gets cracked more? 2001-04-18
M$ Defender
who gets cracked more? 2001-04-18
dirge
who gets cracked more? 2001-04-19
Bruce Garlock
His arguments contradict each other! 2001-04-19
nobody important
Closed Source products often contain obvious bugs 2001-04-19
A Reader
Interesting admission from Mr Lipner 2001-04-19
Iter







 

Privacy Statement
Copyright 2009, SecurityFocus