Forwarded from: Russell Coker <russellat_private>

On Mon, 16 Dec 2002 12:17, InfoSec News wrote:
> Forwarded from: Mark A. Simos <MSimosat_private>
> Cc: myemailaccountat_private
>
> The attacks on Microsoft's security are getting repetitious and
> counter-productive. There are plenty of flaws in many open source
> products that could be listed and lambasted on a list such as this.

The security problems in Open Source programs are not hidden or down-played. They are fixed as rapidly as possible.

Also Open Source software is much easier to fix. "apt-get update ; apt-get dist-upgrade" is much easier than the process of applying fixes for MS operating systems.

> IMHO, the attacks have worked and should be put aside until it is
> obvious they are needed again.

What do you mean by this? Are you referring to the fact that it is necessary to exploit security holes in commercial products to get the vendor to fix them?

> The company shutdown production for 2 months and forced every
> developer to review every line of code.

For that to be true they would need to be very inefficient programmers or very efficient auditors. Auditing code for security holes and fixing them is very difficult work. I simply don't believe that they are capable of auditing all the code in that time.

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 13:12:32 PST