Falling Apart at the Seams
Kathleen Ellis and Jon Lasser, SecurityFocus 2000-09-04

Last month's Brown Orifice program opened a backdoor to an insecure future. Can open source save the day?

User: friend or enemy? 2000-09-05
Pavel Roskin (1 replies)
User: friend or enemy? 2000-09-08
foo
Open Source Solution 2000-09-05
Pete Kofod (2 replies)
While Open Source has many benefits, I believe the most over-sold yet empirically unproven one is improved security. Given the sheer amount of eyes inspecting current code, vulnerabilities should be getting zapped as quickly as they appear, yet many go undetected for a while. The reason they go undetected is the very reason outlined in the article: the geometric growth in interface combinations is the contributing factor. The likelihood of Open Source 'reviewers' independently evaluating separate feature combinations and associated security consequences is a lot less than envisioning a few aggressively analyzing the code, following similar evaluation methodologies, with the silent majority trailing along.

Link to this comment: http://www.securityfocus.com/comments/articles/80/3298#3298
Re: Open Source Solution 2000-09-08
angel'o'sphere (1 replies)
Re: Open Source Solution 2000-09-08
Richard
Open Source Solution 2000-09-08
Mike Crist
Open source is not a silver bullet 2000-09-06
Your friendly neighborhood software developer
"All bugs are shallow" is a delusion of Open Source Arguments 2000-09-08
peter (at) smalltalk (dot) org
Open source WORKS! 2000-09-08
Another friendly software developer
Mozilla and JavaScript 2000-09-08
Markus Fleck
How many ways can one article be wrong? 2000-09-08
Charles Miller







 
