| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: chill at herber-hill.com (Charles E. Hill) Subject: Microsoft prepares security assault on Linux <snip> > 2. A commercial company providing with liability (and responsibility) > for the software you use (in other words - someone to blame). What commercial software company actually offers guarantees and some form of liability? I've *never* heard of anyone successfully suing MS or Oracle or anyone else for their software screwing up. SAYING you can blame Microsoft is one thing -- doing it (other than pointing fingers) is another. > 3. No source available for people to examine, thus making it, to a > level, harder to locate security "holes" - for outsides in any case. > > Gadi Evron (i.e. ge), > ge@...uxbox.org. > You mean like the backdoor inserted -- by company programmers -- into Borland's/Inprise's Interbase database? The one that wasn't discovered until the program was open sourced - several YEARS later? Yes, it had been exploited for YEARS by the hacking community. Putting it bluntly, auditing takes time and skill. Closed source companies main priority are NOT stability and security, but "good enough" so they can sell more software. Dedicating programmers to do nothing but fix bugs is a waste of company resources, after that "good enough" line is crossed. At least with open source I have the option of either fixing little bugs myself, or paying someone to do it. With closed source, my business is at the mercy of the software company. Charles E. Hill Senior Partner Herber-Hill LLC
Powered by blists - more mailing lists