Re: Secure or insecure

From: Synchrodude (me_at_here.com)
Date: 02/21/04


Date: Fri, 20 Feb 2004 16:45:52 -0800

pomasl wrote:

> zsjiab@sithhb.com wrote:
>> |From this link http://news.bbc.co.uk/1/hi/technology/3485327.stm
>> |
>> |M$ seem to think that letting people see your source code
>> |is inherently insecure, I wonder why it's Windows users that are
>> |suffering all the problems at the moment and that OSS isn't falling over
>> |all around the world then?
>>
>> I find it hilarious that when M$ code is leaked, it's claimed to be a
>> security risk. But FOSS has been open to all to see all the time and
>> yet has a better security record.
>
>
> Catching up on newsgroups, I found this article.
> The reason that M$ code release is a security risk is that the code has
> not been scrutinized to the extent that Open Source code has. The
> inherently insecure code, once released to the public, can show its
> flaws to the wrong people who would then exploit what they see. For M$
> to catch up on "fixing" any security flaws found in the released code
> would take weeks when the Open Source community would take days and the
> hackers/virus writers would take hours to exploit.
>
> The benefit that the open source community has is the beta process where
> the CODE is scrutinized, not just the function. M$ has a beta period
> but NO code is scrutinized, only the function is with whatever
> underlying security flaws. If the function works under a normal load,
> no one ever really looks at the "hidden" flaws.
>
> The release of live code is where the security flaw is. Virus writers
> and hackers now have code that is running on millions of machines, ripe
> for the picking!!
>
> Chris

Behind this smoking mirror is a secure home to live in :)

-- 
Synchrodude the Legend
You only have too much fuel if you are on fire!

