lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: ge at linuxbox.org (Gadi Evron)
Subject: Microsoft prepares security assault on Linux

> IMHO the open source crowd fixes bugs a magnitude faster than the m$ lusers - check www.guninski.com,
 >there are dates on which vendors were notified. Check the unpatched 
exploder page to get an idea.

As much as generally and usually I'd vigorously agree with you, there is 
a lot to be said for:
1. A serious (note serious) commercial company that has a crew working 
on addressing security concerns, and updating the product.
2. A commercial company providing with liability (and responsibility) 
for the software you use (in other words - someone to blame).
3. No source available for people to examine, thus making it, to a 
level, harder to locate security "holes" - for outsides in any case.

I can come up with a few more.. but basically all I am saying is, 
support open source, don't condemn commercial software. There is a 
difference between the two ideologies, and one should follow/support
whichever suits him/her best. Constructive vs. destructive attitudes? :o)
-- 
       Gadi Evron (i.e. ge),
       ge@...uxbox.org.

The Trojan Horses Research mailing list - http://ecompute.org/th-list

My resume (Hebrew) - http://vapid.reprehensible.net/~ge/resume.rtf

PGP key for ge@...uxbox.org -
http://vapid.reprehensible.net/~ge/Gadi_Evron.asc
Note: this key is used mainly for files and attachments, I sign email 
messages using:
http://vapid.reprehensible.net/~ge/Gadi_Evron_sign.asc



Powered by blists - more mailing lists