Open Source Versus Closed Source Security
Jason Miller, 2004-09-30

In the age-old battle between open source and closed source operating systems and applications, can either of them really be considered more secure than the other?

Open Source Versus Closed Source Security 2004-10-01
Joe W.
Jason,
let me help you get the article done a little quicker and cover the topic completely.

Here are the 8 Principles of Good Design:
1. Least Privilege
2. Separation of Privilege (more than 1 key)
3. *** Open Design ***
4. Complete Mediation
5. Fail Safe Defaults
6. Least Common Mechanism
7. Economy of Mechanism
8. Psychologically Acceptable (ease of use)

#3 is one that you are interested in (obviously). The mechanism NEEDS to be PUBLIC. This allows for inspection, and high scrutiny from the public. Not only that, but hiding the mechanism has proved absolutely useless!

You don't expose how it is encrypted, but definitely expose the mechanism in which it is used.

Furthermore, individual software security does absolutely nothing for system security.

--I think this lays it out better..

Joe W.

One Definite Benefit 2004-10-04
SFN (1 replies)
One Definite Benefit - What??? 2004-10-04
Anon (1 replies)
One Definite Benefit - What??? 2004-10-05
Anonymous (2 replies)
One Definite Benefit - What??? 2004-10-06
Anonymous
One Definite Benefit - What??? 2004-10-06
Anonymous
Open Source Versus Closed Source Security 2004-10-05
Paul Kosinski (1 replies)
Open Source Versus Closed Source Security 2004-10-05
Anonymous (1 replies)

Copyright 2009, SecurityFocus