l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2004 Mar 06 19:06

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox] Open Source and Security
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox] Open Source and Security

Here is my (naive) view of software security:

1. old software is insecure because un-patched exploits have been discovered long ago, but it is so old no one wants to fix it

2. recently released software is mostly secure because easy exploits are found quickly and patches are available; less obvious exploits are not yet known

3. bleeding edge, pre-released software is insecure because fixes for easy exploits are not yet available.

This applies to both proprietary software (PS) and open-source software (OSS). Note that for both PS and OSS, it is the responsibility of the end user to keep up-to-date on security vulnerabilities and make the appropriate updates. A decided advantage of OSS is that _anyone_, including yourself, can fix security problems, even for case 1. But with PS, you are in the hands of the software vendor. Also, OSS is often more secure to start with because more people can look at the code and anticipate problems.

It sounds like the person quoted here falls under case 1, where an old version of a RH distro is being used that RH inc no longer supports. He/she probably ought to switch linux distributions or purchase RHE.


Byron Roberts wrote:
Here is an excerpt from a post on the CVBIG list that I belong to:


The problems with Linux are that RedHat (our operating system) no longer supports further updates, the Linux operating system has three system vulnerabilities, which need to be fixed, and it is open source (I know I touched on something sacred here, but no programmer likes to redo old code, especially someone elses, so I'm concerned the security vulnerabilities will not get fixed).

I feel like I'm totally missing something here....I thought that one of the big advantages of OSS was increased security, precisely because the code is accessible and able to be modified? Or as a newbie is there some piece of information that I'm lacking?
vox mailing list

vox mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.