Re: (clug-talk) Voting Booth: msg#00098

org.user-groups.linux.calgary.general

Subject: Re: (clug-talk) Voting Booth

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I was watching C-SPAN when I was down in the States a few weeks ago and they
were showing subcommittee proceedings on cyber security. They had many
'experts' but the one thing that drew my attention was the CTO (I think it was
the CTO) of Verisign who said that open source is generally no more
secure than proprietary counterparts and that the openness of the software does
not offer much to it being more secure. I have also heard this
guardedly confirmed by other security individuals in the OSS community itself.
The thinking is that the quality of the code is much lower; that many
people do not even review the source with a very scrutinizing eye and those
that do don't have the expertise required to pinpoint the various
vulnerabilities that may be present. Now, I am no kernel hacker by any means
but I thought it was interesting since the rest of the people on the
panel (some fairly high-level programmers) tended to agree with the statement.

Personally, I think that having something as 'simple' as user/group permissions
on files goes a lot further in securing a system than not having it.
Of course, this means nothing once a box is rooted.

2cents

Jacob

Bogi wrote:
| Hi
| Funny how many people cannot appreciate the fact that, in spite of Linux
| being open source (hence any flaw can be very easily found and exploited),
| it still has far fewer exploitable/exploited flaws than vintage os, despite the
| source being kept as top-secret-for-no-one-eyes-only. And I don't think
| vintage has as large a base as vintage would like us to think. That number
| comes from sales figures (OEM vintage os). Now how long would a vintage-os
| last on a hard disk after it gets home??
| Hehe, till I find my Linux CDs :-)
| Cheers
| Szemir
|
| PS: Sorry, too much Ballantine's :-]
|
| On Thursday 25 September 2003 22:47, you wrote:
|
|>More secure, less secure... Currently, one must place more value on the
|>process of disclosure and patching since no software is totally secure. In
|>that vote, Open Source and Linux win hands down. At least, it makes _me_
|>feel more secure (knowing what's going on and what's been fixed).
|>
|>So I voted 'Yes'. :-D
|>
|>Curtis
|>
|>-----Original Message-----
|>From: Kevin Anderson [mailto:list-server@xxxxxxxxxxxxx]
|>Sent: September 25, 2003 10:36 PM
|>To: clug-talk@xxxxxxxxxxxxxxxx
|>Subject: (clug-talk) Voting Booth
|>
|>
|>http://www.securitypipeline.com/newslettervote.jhtml
|>
|>We might as well weigh in...
|
|
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/c7f0LeoSBberRbgRAoPKAJ9VuZ0DP8mV9W3SoznCaxWY/bYVZQCfVDkJ
eixCxyEmi/6QgaYIOFmv6oA=
=zinh
-----END PGP SIGNATURE-----
