Sign In/My Account | View Cart  

advertisement

AddThis Social Bookmark Button

Article:
  Open Source Security: Still a Myth
Subject:   An extremely flawed article
Date:   2004-09-17 11:26:14
From:   McAction
Response to: An extremely flawed article

I forgot the big one: with open source at least anyone and everyone has the opportunity to do whatever security audit they wish. Try demanding that you neeed to audit the source code of Outlook before you deploy it--see what Microsoft says. Good luck!


Case closed.
Full Threads Oldest First

Showing messages 1 through 4 of 4.

  • An extremely flawed article
    2004-09-17 11:58:34  Shane_Brodie [View]

    I get such a kick out of reading the reactionary articles submitted by card-carrying members of either the commerical software industry or the open source community that I can't help but chuckle.

    No-one in their right mind thinks of software in the strictly black and white ideals of commercial or open source. Following either path blindly would be foolhardy.

    Stating that Microsoft software is insecure, while it "may" be true, it can hardly be held up to open source and compared. After all open source does not have tens of thousands raving "anti open source" troglodytes actively working to discredit it.

    Real programmers, IT Managers, and knowledgeable end-users know that they can get the best bang for their dollar/yen/euro/peso/etc. etc. by striking a balance on all of the alternatives.

    Why can't we all just get along ...
  • I'm Not Convinced
    2004-09-17 11:55:30  chromatic | O'Reilly AuthorO'Reilly Blogger [View]

    I think that to prove your case, you'd have to prove that having the source code available for people to audit actually leads to widespread audits and security fixes. Otherwise, you're arguing a point that John deliberately didn't address.

    Certainly the availability of auditable code and the ability to produce patches might mean that open source code could have more people doing security audits and fixing problems before exploits appear -- but postulating that people could fix problems doesn't mean that people will or actually do.

    Unrealized potential may be nice to have, but it doesn't do really do anything for you until someone puts work into realizing it.

    I'm not interested in anecdotes and I'm very disinterested in comparisons between Apache and IIS or Outlook and mutt. I want real data, not handwaving.
    • I'm Not Convinced
      2004-09-17 12:17:08  McAction [View]

      I absolutely agree that potential doesn't equal action and that some hard data would be very helpful. However, there was no hard data in the article either. I used the same sort of arguments that the author used, so I guess my comments probably were lacking in value as well.

      • I'm Not Convinced
        2005-01-18 21:03:45  musnat [View]

        I think you are using open source zealtory, which has no merit at all.

        Microsoft does share its source code with governments. That means a lot to anybody who is making a decision to buy Microsoft software. Everybody knows for sure that Microsoft's software has been checked out by other people who doesn't have a common interest to cheat you, China vs US etc...

        On the other hand, we don't know who is really checking out open source. There is no formal way of knowing that.

        You have no arguments, I think, you are simply one of the thousands of open source zealots who is more than ready to lie and distort facts or come up with all sorts of nonesense.