I was watching C-SPAN when I was down in the States a few weeks ago and they were showing subcommittee proceedings on cyber security. They had many 'experts' but the one thing that drew my attention was the CTO (I think it was the CTO) of Verisign who said that open source is generally no more secure than proprietary counterparts and that the openness of the software does not offer much to it being more secure. I have also heard this guardedly confirmed by other security individuals in the OSS community itself. The thinking is that the quality of the code is much lower; that many people do not even review the source with a very scrutinizing eye and those that do don't have the expertise required to pinpoint the various vulnerabilities that may be present. Now, I am no kernel hacker by any means but I thought it was interesting since the rest of the people on the panel (some fairly high-level programmers) tended to agree with the statement.
Personally, I think that having something as 'simple' as user/group permissions on files goes a lot further in securing a system than not having it. Of course, this means nothing once a box is rooted.
2cents
Jacob
Bogi wrote:
| Hi
| Funny how many people cannot appreciate the fact that, in spite of Linux
| being open source (hence any flaw can be very easily found and exploited),
| it still has far fewer exploitable/exploited flaws than vintage OS, despite
| the source being kept as top-secret-for-onone-eyes-only. And I don't think
| vintage has as large a base as vintage would like us to think. That number
| comes from sales figures (OEM vintage OS). Now how long would a vintage OS
| last on a hard disk after it gets home??
| Hehe, till I find my Linux CDs :-)
| Cheers
| Szemir
|
| PS: Sorry, too much Ballantine's :-]
|
| On Thursday 25 September 2003 22:47, you wrote:
|
|>More secure, less secure... Currently, one must place more value on the
|>process of disclosure and patching since no software is totally secure. In
|>that vote, Open Source and Linux win hands down. At least, it makes _me_
|>feel more secure (knowing what's going on and what's been fixed).
|>
|>So I voted 'Yes'. :-D
|>
|>Curtis
|>
|>-----Original Message-----
|>From: Kevin Anderson [mailto:[EMAIL PROTECTED]
|>Sent: September 25, 2003 10:36 PM
|>To: [EMAIL PROTECTED]
|>Subject: (clug-talk) Voting Booth
|>
|>
|>http://www.securitypipeline.com/newslettervote.jhtml
|>
|>We might as well weigh in...
