Hi, the shortest answer is, "No, it isn't".
A casual survey of the standard Vulnerability Databases(CVE at cve.mitre.org, Bugtraq at securityficus.com, X-Force at xforce.iss.net) reveals that this is not true. It may be that hackers/crackers create their attacks based mostly on the responses given by the application/s to their actions & input, but in any case, the source doesn't play a major role in it. The source is the reason why systems are vulnerable, but it rarely is the means used to detect the vulnerability. In fact, I found out a few months back, in the case of Buffer Overflow flaws, that (let alone Windows or any other closed source), even in the case of Linux, the offending code - one which caused the vulnerability - is almost never disclosed. ;) As to the idea that an open code means an easier way(for crackers) to discover possible threats, it is usually only a well designed & close scrutiny by an expert auditor that reveals such threats. To put an end to it, such code audits are quite time-consuming & expensive. Automated code-auditing is hence a hot new area of research. All the statements here are subject to correction. :) regards, Viraj On Tue, 01 Feb 2005 23:24:47 +0530, Rajev Mhasawade <[EMAIL PROTECTED]> wrote: > Hi, > I hope u all must be aware of Microsoft's statement over Linux.According > to them Linux's security claims are hyped and exaggerated.I was just > thinking of the same,isnt Linux, more vulnerable to security threats as > its source code is known by everyone? > I hope its not a silly question! :-) > Rajev > -- > -- ______________________________________________________________________ Pune GNU/Linux Users Group Mailing List: ([email protected]) List Information: http://plug.org.in/mailing-list/listinfo/plug-mail Send 'help' to [EMAIL PROTECTED] for mailing instructions.
