| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 Feb 2004 16:00:59 -0800 From: "Drew Copley" <dcopley@...e.com> To: "Paul O'Malley" <schildt@....ie> Cc: "Gadi Evron" <ge@...tistical.reprehensible.net>, <bugtraq@...urityfocus.com>, <full-disclosure@...ts.netsys.com> Subject: RE: RE: W2K source "leaked"? > -----Original Message----- > From: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of > Paul O'Malley > Sent: Friday, February 13, 2004 9:10 AM > To: Drew Copley > Cc: Gadi Evron; bugtraq@...urityfocus.com; > full-disclosure@...ts.netsys.com > Subject: [Full-Disclosure] RE: W2K source "leaked"? > > Hi, > > If you do work on or would like to work on Free Open Source Software > code, do not expose yourself to this, it is dangerous. > Simple if you ain't seen it you can't be influenced by it [1]. > You may have had opportunity but it was not your problem. > RMS [2] was right in his essays. I have worked for an opensource company. It went belly up. Not that the model could not have worked... You remind me of a point, though... Microsoft has claimed for quite sometime that one of their big selling points over Linux is the fact that their sourcecode is closed. They embraced the "security by obscurity" model to the exclusion of common sense. This is unfortunate for them under these circumstances. Let's dredge these articles up a bit... Oh, here's a good one: Microsoft: Closed source is more secure http://www.securityfocus.com/news/191 Quote: Making source code public also increases the risk that attackers will find a crucial security hole that reviewers missed, said Lipner. "That argument sounds like an argument for 'security through obscurity,' and I apologize. The facts are there." ... End of quote. And, this is very interesting considering their current problem. Which was totally a matter of time. I am surprised they did not provide a better public stance for this. They are arguing that it doesn't matter that their source is out there. Quote: But Microsoft downplayed the security angle. In its statement the company said the main concern is the potential theft of its handiwork rather than the possible security threat that such a leak might pose. "If a small section of Windows source code were to be available, it would be a matter of intellectual property rights rather than security," Microsoft said. ... End of quote. http://zdnet.com.com/2100-1104-5158496.html?tag=nl > > Best regards, > > Paul O'Malley > > [1] a conspiracy theorists dream / nightmare > [2] Richard M.Stallman Free Software Freesociety: selected essays of > and for those who still don't understand, use a search engine to find > them on line :-). > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists