| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: jeremiah at nur.net (Jeremiah Cornelius) Subject: why commcerical software *could* be better [WAS: Re: Microsoft prepares security assault on Linux] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday 12 November 2003 22:33, Gadi Evron wrote: <SNIP> > As much as generally and usually I'd vigorously agree with you, there is > a lot to be said for: > 1. A serious (note serious) commercial company that has a crew working > on addressing security concerns, and updating the product. Not bloody well manifested by the evidence in hand now, is it? I would say that eEye has been a better crew working on windows security concerns than MS. > 2. A commercial company providing with liability (and responsibility) > for the software you use (in other words - tech support and someone > to blame). Liability? Oh, yeah. MS makes hay about IBM not indemnifying Linux users (as if IBM supplied distros!) How much money is MS shelling out to cover costs incurred by Melissa/Nimda/Code Red/Slammer/Blaster/etc. ? Smoke screen and BS. > 3. No source (!!) available for people to examine, thus making it, to a > level, harder to locate security "holes" - for outsides in any case. Almost every one of the vulnerabilities that I reference were discovered by independent 3rd parties, with access only to derived binary objects. MS - with privileged access to sources - never discovered any of these flaws internally. > I can come up with a few more.. but basically all I am saying is, > support open source, don't condemn commercial software. There is a > difference between the two ideologies, and one should follow/support > whichever suits him/her best. Constructive vs. destructive attitudes? I assert -unoriginally- that the reasons to oppose closed-source software are considerations of freedom and access, not quality. That said, the arguments are not with commercial software as a class, but with Microsoft. This relates to specific practices and products - all of which are agrivated by a monopoly position in the market. > Don't allow bad examples to cloud your better judgment. > Or good ones. ;-) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/sqJwJi2cv3XsiSARAgEVAJkBGKG8xXdCrfUtga1APhOicSU5/wCgiDGg jyqs53MXFSRRlMkesdxJrWY= =ruy4 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists