I don't think that security boils down to open source or closed. Both have had their share of problems, and have been discovered, exploited and patched countless times.

I think that the biggest security problem stems from the notion that ease of use is more important than a secure system. And we all know that there is a direct relationship between the two. The more secure it is, the less accessible (or easy to use) it is, and the same is true in the other direction.

User friendliness may have been more important in the days before every company was on the internet, high-speed service was available to the home, and Linux was a virtually unexplored frontier, but now, with the advent of these things, and more, it is clear that security should be pushed to the forefront. After all, what's worse: something that's not quite so easy to use that it takes some training, or something that can't be used at all, due to some "3l33t H4x0r" owning it?

Many of M$'s security problems seem to stem not from the closed nature of their source code, but from their basic design concept. Perhaps if they changed that (or if a closed-source "secure UNIX-like" OS springs up), we could get a more realistic picture of who's right.

It might also be nice to know who at M$ does the review of the code, how many there are, what their qualifications are, etc., before a real judgement could be made as to which concept is better.

We should also remember that no matter the numbers and qualifications of the coders at M$, they are part of a company that is obvoiusly run primarily by Marketing department decisions and the bottom line. That doesn't leave much room for quality.

Just my thoughts....

Boa

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/191/5298#5298