Forwarded by: seraphim <seraphimat_private>

This is blasphemous - In no way does making closed source software "more secure" or "less open to attacks." The reason open source is so well taken is the simple (and obvious?) fact that it is open to everyone, and can be reviewed openly and freely. MD5 checksums exist to maintain developer to consumer integrity...so malicious hackers changing open source code and implementing back doors/trojans is out of the question. I would think it very difficult to forge an MD5 checksum.

Let's put our least favorite Operating System under scrutiny - Microsoft Windows is closed source - meaning Microsoft can put whatever they feel like into the code....and only tell the consumer what they want to hear. Easter Eggs anyone? It is very much more plausible to implement malicious code/backdoors/trojans in a closed source environment, assuming the intent to do so is internal to the company designing the software. Which might just be the case - If Microsoft coders can put Easter Eggs in their software...what stops a skilled coder working for Microsoft to put in backdoors or any other nasty surprise?

The idea Lipner is failing to grasp is that by opening our software to the public, and letting coders/hackers break the code and test it, is to simply make it stronger. By abusing the code it gets better - Coders/hackers find a weakness - their authors fix it - and the program becomes stronger. And need we mention open source software is ultra cheaper (more like free?) than closed software scenarios.

Just my two cents - seraphimat_private

----- Original Message -----
From: InfoSec News <isnat_private>
To: <ISNat_private>
Sent: Saturday, April 14, 2001 1:26 PM
Subject: [ISN] Closed source is more secure -- MS

> http://www.theregister.co.uk/content/8/18286.html
>
> By: Kevin Poulsen
> Posted: 13/04/2001 at 08:27 GMT
>
> The head of Microsoft's security response team argued here
> Thursday that closed source software is more secure than open
> source projects, in part because nobody's reviewing open source
> code for security flaws.
>
> "Review is boring and time consuming, and it's hard," said Steve
> Lipner, manager of Microsoft's security response center. "Simply
> putting the source code out there and telling folks 'here it is'
> doesn't provide any assurance or degree of likelihood that the
> review will occur."

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERVat_private with a message body of "SIGNOFF ISN".

This archive was generated by hypermail 2b30 : Tue Apr 17 2001 - 02:53:38 PDT