Re: CRIME Study: Open, closed source equally secure

From: Greg KH (greg@private)
Date: Thu Jun 20 2002 - 21:46:46 PDT

    On Thu, Jun 20, 2002 at 07:14:00PM -0700, Andrew Plato wrote:
    > Just stumbled across this interesting story...I am sure it will fan some flames. 
    > 
    > Proprietary programs should mathematically be as secure as those
    > developed under the open-source model, a Cambridge University
    > researcher argued in a paper presented Thursday at a technical
    > conference in Toulouse, France. 
    >   
    > In his paper, computer scientist Ross Anderson used an analysis
    > equating finding software bugs to testing programs for the mean time
    > before failure, a measure of quality frequently used by manufacturers.
    > Under the analysis, Anderson found that his ideal "open-source"
    > programs were as secure as the "closed-source" programs. 
    > 
    > http://story.news.yahoo.com/news?tmpl=story&ncid=70&e=1&cid=70&u=/cn/20020621/tc_cn/938124
    > 
    > Now what will really bake your noodle is: do we consider that a
    > set-back for open-source or a triumph for closed source? 
    
    Bah, read the whole article, you conveniently left out the following
    quotes:
    
    	 However, the paper has yet to be peer-reviewed and errors in
    	 his assumptions could undermine his theory. Furthermore, he
    	 acknowledged that real-world considerations could easily skew
    	 his conclusions.
    
    	 "Even though open and closed systems are equally secure in an
    	 ideal world, the world is not ideal, and is often adversarial,"
    	 Anderson said.
    
    I live in the real world, not the theoretical world :)
    
    And remember, there's a lot more to security theories than mathematical
    models.  His model does nothing to talk about the time it takes to _fix_
    a problem once found.  For that, nothing beats open source programs, and
    that has been proven (sorry, can't remember the actual citations, but
    I'm sure Crispin has them somewhere...)
    
    greg k-h
    