Linux Users' Group of Davis (LUGOD)

Page last updated:
2004 Mar 06 19:14

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Re: [vox] Open Source and Security



on Mon, Mar 01, 2004 at 12:27:40PM -0800, Bill Kendrick (nbs@sonic.net) wrote:
> On Mon, Mar 01, 2004 at 12:10:39PM -0800, Byron Roberts wrote:
> >  I feel like I'm totally missing something here....I thought that
> > one of the big advantages of OSS was increased security, precisely
> > because the code is accessible and able to be modified?  Or as a
> > newbie is there some piece of information that I'm lacking?

<...>

> With closed-source, the barrier is immediate.  Example:
> 
>   "Hey Fred, OpenOffice.org seems to have a problem doing such-n-such"
> 
>      "Well I can try to fix it.  [pay me / I'm happy to help for free / etc.]"
> 
> 
> Versus:
> 
>   "Hey Fred, Microsoft Office seems to have a problem doing such-n-such"
> 
>      "That sucks.  I hope they fix it and provide an update some day..."
> 
> 
> In the first case, we assume Fred is interested in helping, either for
> compensation or not.  In the second case, it doesn't matter.  Nothing
> you or Fred can do about it (except wait and hope).

This leaves off another option, highlighted by Thomas C. Greene in The
Register last week:  free software is modular.  Drop-in replacements
tend to be readily facilitated:

  "Fred, fizwutz has a security hole, and there's no fix, this is the
  ninth one this month."

  "Hrm.  Well, rutzwiz is a drop-in replacement with a far better
  security record, we can just tear out fizwutz and replace it.  I'll
  prototype it this afternoon, we should be able to convert by
  (tomorrow|next week|next month)" (Depending on site size).

Versus:

  "MS (Exchange|IE|SQL Server|Outlook|Word|Access|Palladium) has another
  critical buffer overflow."

  "We can't replace it without replacing everything...."

Note that in the case of "fizwutz", we could be talking an application
(vim vs. nvi), a server (exim vs. postfix vs. smail), a library, a
protocol (ftp vs. fish), or even an entire distro/OS/arch (Red Hat vs.
Debian vs. FreeBSD vs. OpenBSD vs.  x86 vs. hppa....)

Choice.  Flexibility.  Modularity.  Security.


Tom's article:


    Does open source software enhance security?
    By Thomas C Greene in Washington
    Posted: 05/03/2004 at 10:11 GMT

    http://www.theregister.co.uk/content/55/36033.html

    Analysis There are several reasons why open-source software provides
    for superior computer and network security, but the computing public
    seems confused about why this is so.

    <...>


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    Art is long and life is short.
