From: ge at egotistical.reprehensible.net (Gadi Evron)
Subject: clarification - reasons as to why commercial software *could* be
 better

Okay. This all starts to have the feeling of a flame war to me, so I 
will summarize what I think was misunderstood, explain where I start 
and my reasoning and call it a.. morning.

First of all, notice the subject.. *could* be better, not *is* better.

I do believe in open source, and most of my machines are open source based.

Microsoft, we all don't like Microsoft, ranging from being uncomfortable 
with it to pure hate. I just don't see why we have to blame the whole 
world with Microsoft.
Microsoft is not a very good representation of commercial software when 
it comes to security. On the other hand, when you count economic success...

As to open source, and whether it is more secure or not, is really a 
matter of personal opinion, one could present arguments either way.

Many companies chose commercial software because of the arguments I 
presented earlier, and pasted again below.

MY POINT was, that there are things to be said for commercial software, 
whether they are theoretical or practical, that can be presented against 
open source software as better.
The over-all comparison is a very different issue. I was not comparing 
it to open source software. I keep an open mind.

And excuse me, but with all the respect in the world.. as to my LAST 
point (3) - when one doesn't have the source code, one finds it more 
difficult, AGAIN, to a level, to find holes in the software.

NOT every kid in the world who *knows* how to read code, also knows how 
to even.. use a disassembler. If that takes some kids off the software's 
"back", it is a plus. Is it a major one? I think it is. But that is only 
my opinion.

I don't really understand why some of you would choose to attack the 
whole issue, and myself personally, rather than present arguments 
against commercial software, instead of _for_ open source, I need no 
convincing there. I even stated that I personally am for open source.. 
go figure. This was not the subject of the email message.

Blind zealots! :)

Personally, I'd rather view the code and find any potential risks 
myself, but it doesn't change the fact that when a serious company (as I 
mentioned before, serious) releases a product, it may, to a level, be 
better because of all the perks you get by relying on it being 
commercial software. On the good side, as I mentioned earlier, can be:

 > 1. A serious (note serious) commercial company that has a crew working
 >    on addressing security concerns, and updating the product.

Note, serious company?

 > 2. A commercial company providing with liability (and responsibility)
 >    for the software you use (in other words - tech support and
 >    someone to blame).

Who talked about law suits? I mentioned tech support and blame.
</cynic>

 > 3. No source (!!) available for people to examine, thus making it, to
 >    a level, harder to locate security "holes" - for outsiders in any
 >    case.

Read again what I said - TO a level, harder.

I hope this clears things.

I would like to thank those of you who answered seriously, especially 
those who disagreed with me.

To all the trolls: remember, this is the Internet. 10 years from now 
someone will Google (or whatever else) you and see you as a troll. :o)

-- 
       Gadi Evron (i.e. ge),
       ge@...uxbox.org.

The Trojan Horses Research mailing list - http://ecompute.org/th-list

My resume (Hebrew) - http://vapid.reprehensible.net/~ge/resume.rtf

PGP key for ge@...uxbox.org -
http://vapid.reprehensible.net/~ge/Gadi_Evron.asc
Note: this key is used mainly for files and attachments, I sign email 
messages using:
http://vapid.reprehensible.net/~ge/Gadi_Evron_sign.asc


