[linux-elitists] Dateline April 12, 2001 Microsoft: Closed source is more secure

Karsten M. Self kmself@ix.netcom.com
Wed Aug 15 22:12:19 PDT 2001


on Wed, Aug 15, 2001 at 01:28:08AM -0700, Karsten M. Self (kmself@ix.netcom.com) wrote:
> ...and in the perspective of SirCam and CodeRed....
> 

> SAN FRANCISCO--The head of Microsoft's security response team argued
> here Thursday that closed source software is more secure than open
> source projects, in part because nobody's reviewing open source code for
> security flaws.

I guess the point I wanted to convey -- irony of an April press release
in light of the security fiascos of July and August -- needed stronger
emphasis.

I think the real lesson here is that security simply isn't automatic for
the masses, to borrow from REM.  Free software's certainly had its fuck
ups, proprietary's had more than its fair share as well.

Beyond that, though, I think the proprietary model gets in the way of
its own interests, not just in the manifold ways security and quality
are compromised as commentators such as Cringely have detailed, but in
the fact that the opposing forces of restricting distribution, creating
artificial scarcities, and requiring user authentication to access
security updates on the one hand, puts other users, the reputation of
the vendor, and even dilligent admins, at risk.

Numerous stories (several at The Register) have mentioned the problems
admins have had keeping up with patches.  This is where free software
shines.  Debian's long had an outstanding automated update system, Red
Hat and other GNU/Linux distros are implementing their own flavors of
same.  The bonus value is that, generally, there is no or little
licensing barrier to accessing such services.  In the case of Debian,
the system's open to all, for RH, my understanding is that a site gets
access to the update library (rpmfind, or whatever it is) on an
all-you-can-eat basis.

Focus on our strengths, not just making the other guy look bad.

-- 
Karsten M. Self <kmself@ix.netcom.com>          http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?             There is no K5 cabal
  http://gestalt-system.sourceforge.net/               http://www.kuro5hin.org
   Free Dmitry! Boycott Adobe! Repeal the DMCA!    http://www.freesklyarov.org
Geek for Hire                        http://kmself.home.netcom.com/resume.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20010815/d2f6309d/attachment.pgp 


More information about the linux-elitists mailing list