On Thu, Oct 23, 2014 at 9:48 AM, Karthikeyan A K <[email protected]> wrote:
> Who knows how many shell shock Microsoft hides? And how many of it is known
> by NSA?

I'm of the opinion that FOSS is certainly better. Your statement about MS does not give me added comfort with FOSS. I'm bothered about the vulnerabilities and impact in the absolute sense in FOSS.

I've used FOSS for a long time and have managed a webfarm for 4 years in the 90s. I've always marvelled at the fact that Linux machines were simply rock solid, not hacked and a low overhead management platform while MS machines were insecure and a nightmare. I've never before encountered a serious vulnerability in Linux as Heartbleed/shellshock that shook the foundation of the platform stack used for web applications itself.

I referred to ESR's thoughts/works like CatB as I believe in them strongly (so much that I travelled to meet him for a chat at his residence in Wayne PA in the 90s). Those premises failed in these cases badly.

Both SSL and Bash have been around for a long time, used by many and were considered robust components. It was after a long while that the enterprise segment believed in FOSS and adopted such robust pieces. That confidence has been pummelled by these incidents. The painstaking gains made by FOSS in enterprise adoption would get eroded, whether we like it or not. The sniggers will be back.

I posted this originally as I was concerned when I saw the statistics quoted. This is what the commercial enterprise software vendors will grab and use against FOSS. Luckily, most of them used SSL/TLS and so cannot blow their own trumpets. We will need to wait and watch how the scenario unfolds and affects FOSS.

--
Mohan Sundaram
_______________________________________________
ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
ILUGC Mailing List Guidelines: http://ilugc.in/mailinglist-guidelines
