Re: Secure or insecure

From: Synchrodude (me_at_here.com)
Date: 02/21/04


Date: Fri, 20 Feb 2004 16:45:52 -0800

pomasl wrote:

> zsjiab@sithhb.com wrote:
>> |From this link http://news.bbc.co.uk/1/hi/technology/3485327.stm
>> |
>> |M$ seem to think that letting people see your source code
>> |is inherently insecure, I wonder why it's Windows users that are
>> |suffering all the problems at the moment and that OSS isn't falling over
>> |all around the world then?
>>
>> I find it hilarious that when M$ code is leaked, it's claimed to be a
>> security risk. But FOSS has been open to all to see all the time and
>> yet has a better security record.
>
>
> Catching up on newsgroups, I found this article.
> The reason that M$ code release is a security risk is that the code has
> not been scrutinized to the extent that Open Source code has. The
> inherently insecure code, once released to the public, can show its
> flaws to the wrong people who would then exploit what they see. For M$
> to catch up on "fixing" any security flaws found in the released code
> would take weeks when the Open Source community would take days and the
> hackers/virus writers would take hours to exploit.
>
> The benefit that the open source community has is the beta process where
> the CODE is scrutinized, not just the function. M$ has a beta period
> but NO code is scrutinized, only the function is with whatever
> underlying security flaws. If the function works under a normal load,
> no one ever really looks at the "hidden" flaws.
>
> The release of live code is where the security flaw is. Virus writers
> and hackers now have code that is running on millions of machines, ripe
> for the picking!!
>
> Chris

Behind this smoking mirror is a secure home to live in :)

-- 
Synchrodude the Legend
You only have too much fuel if you are on fire!