Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Microsoft: Closed source is more secure
Kevin Poulsen, SecurityFocus 2001-04-12

Redmond's security response chief warns the RSA Conference of the perils of open source.

Comments Mode:
Security under MS products VS. Linux, *BSD 2001-04-12
giard.pascal (at) teccart.qc (dot) ca [email concealed]
Now I know 2001-04-12
Anonymous
Crock of sh*t... 2001-04-12
Jim Powers
wow, that's a lot of spin 2001-04-13
wiggum
OpenBSD 2001-04-13
Carl Thomas
MS - Lipner Comments 2001-04-13
Nilanjan Chaks
RE: Microsoft: Closed source is more secure 2001-04-13
Kimico Myers
opensource less secure? 2001-04-13
osiris
Microsoft should get a clue. 2001-04-13
Reaperx1
He's low on credibility 2001-04-13
Ajay Shah
I don´t a gree that Open Source Software is "Boring and Expensive" 2001-04-13
Manuel
Wha?? 2001-04-13
bleezer (at) plz (dot) com [email concealed]
FUD 2001-04-13
x3co
Closed source more secure? Really? 2001-04-13
counter_counterinsurgency (at) nospam.hotmail (dot) com [email concealed]
Is Microsoft code more secure than open alternatives? 2001-04-13
Larry Fahnoe <fahnoe (at) FahnoeTech (dot) com [email concealed]>
Open Souce security 2001-04-13
Charles E. Hill
Microsoft: Closed source is more secure FSVO secure 2001-04-13
Shmuel (Seymour J.) Metz <shmuel (at) acm (dot) org [email concealed]> (2 replies)
Closed source burdened by "boring, expensive" QA 2001-04-16
counter_counterinsurgency (at) nospam.hotmail (dot) com [email concealed]
Microsoft: Closed source is more secure FSVO secure 2001-04-17
bassethound2 (at) yahoo (dot) com [email concealed]
Amazing who __finds__ the holes in Windows 2001-04-13
Will
Going through the motions != Security 2001-04-13
topeka (at) catchen (dot) org [email concealed]
Closed source software is secure 2001-04-13
soumyac (at) bigfoot (dot) com [email concealed]
An observation 2001-04-13
Harry G
Which explains why... 2001-04-13
Con Zymaris, CEO Cybersource Pty. Ltd. Australia
MS product line the best proof against Steve Lipner's arguments. 2001-04-14
SM
nobody buys ms argument 2001-04-16
j lock <jlock (at) compooter (dot) net [email concealed]>
So lipner finds security boring, huh? 2001-04-16
KSAJ
Open vs. closed not necessarily it.... 2001-04-16
abostaph (at) usa (dot) net [email concealed] (1 replies)
Open vs. closed not necessarily it.... 2001-04-16
Microsoft Defender (2 replies)
Open vs. closed not necessarily it.... 2001-04-18
Draconis
Open vs. closed not necessarily it.... 2001-04-18
abostaph (at) usa (dot) net [email concealed] (1 replies)
Open vs. closed not necessarily it.... 2001-04-18
M$ Defender
I hope Mr Lipner reads this 2001-04-17
dirge
Security Vulnerability Open Source vs Closed Source 2001-04-17
Rod <snaketails (at) optushome.com (dot) au [email concealed]>
who gets cracked more? 2001-04-18
TauRine (1 replies)
who gets cracked more? 2001-04-18
M$ Defender (3 replies)
who gets cracked more? 2001-04-18
brian (1 replies)
who gets cracked more? 2001-04-18
M$ Defender
who gets cracked more? 2001-04-18
dirge
who gets cracked more? 2001-04-19
Bruce Garlock
His arguments contradict each other! 2001-04-19
nobody important
Closed Source products often contain obvious bugs 2001-04-19
A Reader
Closed Source products often contain obvious bugs. You don't need

the sources to find them.

But apparently companies that distribute closed source software think

they don't have to obey elemetary rules for computer security.

Or they think they don't need to fix such bugs.

Until somebody finds them and abuses them...

Perhaps this is the reason for the numerous DOS attacks against

such software. It is quite easy to produce a buffer overflow in a closed source program programmed in a bad style. While it might be more difficult to exploit it on closed source system to get root privileges it is easily possible to shut down such a site by such a trick as a DOS attack.

So closed source systems are not superior to open source systems.

On the other hand operating systems like Windows or VMS are not

really closed source. Institutes can get the sources for research purposes. A student could steal the sources and abuse this knowledge while all other

users might think the system is safe.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/191/5348#5348
Interesting admission from Mr Lipner 2001-04-19
Iter







 

Privacy Statement
Copyright 2009, SecurityFocus