It's only a matter of time...
Jason Miller, 2005-08-18

According to the Apple Web site, Security Update 2005-007 was released to the public on August 12, 2005. And, as with all of their recent security updates, it is available to all Apple customers free of charge. I'm sure none of you reading this article will argue with me about that being a good thing.

It's only a matter of time... 2005-08-18
Anonymous (2 replies)
Re: It's only a matter of time... 2005-08-24
Jason V. Miller (Author) (1 replies)
Security through obscurity is not security at all 2005-08-19
Doogie (1 replies)
Re: Security through obscurity is not security at all 2005-08-24
Jason V. Miller (Author)
"The central point of this article appears to be that security through obscurity - MS closed source development model - is better than the underlying force for more secure code, combined with the pressure for fast fixes, created by an open source development."

As you mention in your comment, security by obscurity is not a good thing, and I'm certainly not advocating it in my article. I'm only suggesting that Microsoft is in a more advantageous position when it comes to patching all of the vulnerabilities in their operating system than Apple is. Apple can't patch bugs on their own timeline when those bugs are associated with an open source application and published on a different timeline.

"Not only does that mean that one bad guy managing to prise one bit of kit doesn't make any of the rest of it less secure, it also means that everyone can see what's going on the room all the time, and collectively can ensure that all remains intact."

While this certainly applies to open source software packages, it doesn't apply to distributions of those packages in an operating system bundle. Once someone figures out how to exploit a vulnerability in a certain application included with any given operating system distribution, it can be exploited on most systems running that distribution until the "vendor" (I use the term loosely) provides a patch for it. This is especially the case with a corporate / for-pay operating system distribution like Apple.

Thanks for your feedback on my article.

Link to this comment: http://www.securityfocus.com/comments/columns/348/32274#32274
It's only a matter of time... 2005-08-19
Anonymous
It's only a matter of time... 2005-08-19
Ian Crew (1 replies)
Forever, in my opinion! 2005-08-29
Roger
It's only a matter of time... 2005-08-22
Anonymous (1 replies)
It's only a matter of time... 2005-08-29
Alexey Vesnin
It's only a matter of time... 2005-08-29
MeAnonymous (1 replies)
Re: It's only a matter of time... 2005-08-31
Anonymous







 

Copyright 2009, SecurityFocus