On 8/14/07, Matt Nicholson <sjoeboo-RG5ZOK3LcrdBDgjK7y7TUQ at public.gmane.org> wrote:
> Ah yes, but the fact that the source code is available benefits both the
> people looking for holes and those fixing them. With IE, only M$ could offer
> the fixes. With something open source, yes, it's easier to find holes, since
> you can look right at the code, but also, more people (not the
> company/group behind the software) can offer up patches and fixes, since
> anyone can get their hands on the same code and resources the "core"
> developers have.

Any knowledgeable security researcher will tell you that having the source code doesn't matter. In fact, some claim it is easier to just look at the assembly than the source, because some bugs, once compiled, are not exploitable. Looking at the binary gives you complete reassurance of the possibilities.

The part about fixing bugs is true. Open source software is faster to deliver a patch. But that's only when a vulnerability is known. What about unpublished vulnerabilities? Almost any product is vulnerable, so it is just a matter of time if you become the target of a bad guy or not. The point is to make it as tough as possible. Guys like Solar Designer have researched and implemented some great security features into his distro, which have proliferated elsewhere and are even in Microsoft Windows now :-)

It makes me wonder why people continue to claim that open source software is not innovative. Here are some big examples, with fuzzy dates as I can't remember...

Firefox tabbed browsing (2002?) -> IE7 (2006)
Truly transparent windowing (compiz 2001?) -> Vista Aero (2006)
Address Space Layout Randomization (openbsd ???) -> Vista (2006)

...and much more. Too much to list...you get the point :-)

--
Kristian Erik Hermansen