I think that the prerequisite is a user community for the OS that demands
that security holes be fixed, and a developer who is committed to fixing the
holes. IBM isn't perfect, but they have been taking security seriously for
quite some time now. It remains to be seen whether Microsoft is truly
committed to security, or whether it is just doing a PR exercise. The
Microsoft user community does not seem to be demanding that holes be fixed.
On the other hand, the Linux development community does seem committed to
security, but I can't read the state of the user community.

> -----Original Message-----
> From: Phil Payne [SMTP:[EMAIL PROTECTED]]
> Sent: Saturday, February 01, 2003 11:41 AM
> To:   [EMAIL PROTECTED]
> Subject:      Microsoft gets an 'F'
>
> "Microsoft was completely hosed (from Slammer). It took them two days to
> get out from under it," said Bruce Schneier, chief technology officer of
> Counterpane Internet Security, a network monitoring service provider.
> "It's as hypocritical as you can get."
>
> http://www.cnn.com/2003/TECH/biztech/02/01/microsoft.security.reut/
>
> It's an interesting thought.
>
> Most practitioners generally accept z/OS as setting the standard for
> security, when properly installed.  But MVS was essentially built on an
> even more 'open source' base than Open Source software - OS/360 was public
> domain and the source was available for the cost of tape shipment.  It was
> riddled with security exposures - I know someone who collected 37 ways to
> break OS/360 MVT and only gave up out of boredom.  Today its descendant is
> damn near bomb proof.
>
> Linux looks like following down the same road.  The question that occurs
> to me is - is free access to the source of an operating system actually a
> prerequisite for this?
>
> --
>   Phil Payne
>   http://www.isham-research.com
>   +44 7785 302 803
>   +49 173 6242039
