My issue is two-fold:

Number 1: Open source allows more of a "Hey, you didn't bother to think ahead and check this yourself, when you could have, therefore, why bother holding me liable." sort of scenario. This is good in our more and more litigious society.

Number 2: I do not install anything on a mission critical system I have not personally reviewed, and checked the track record on. There are many sites which archive every vulnerability for just about any piece of software out there. It is the designer's/admin's responsibility to check these sites for possible vulnerabilities of the software he/she is installing. To make the excuse "I don't have the time" or "the vendor should have given me the patch" is, in and of itself, a denial of responsibility (what I call the DoR attack, commonly found in extremely large corporations).

Just my .0002 cents.

-Jesse

> -----Original Message-----
> From: Brian J. Conway [mailto:dogbert at clue4all.net]
> Sent: Thursday, June 01, 2000 8:51 AM
> To: Subba Rao
> Cc: Boston Linux Users
> Subject: Re: The Myth of Open Source Security
>
> > For the sake of discussion, here is an interesting article
> > on Open source security.
> >
> > http://developer.earthweb.com/journal/techfocus/052600_security.html
>
> While I think the article covers a lot of valid points, the open source
> model gives anyone that wants to a chance to look for security holes.
> Even if no one looks at it and something slips through, in this case,
> it still is a better model than not being able to see the code at all
> and rely on shady developers to fix it for you. Sure there will be
> bugs, but at least open source allows for a mechanism of finding them
> and fixing them quickly. I'm still wondering why the author of the
> software is so concerned with touting all the holes in his program and
> the flaws in the open source model than fixing them himself. It would
> seem rather counter-productive.
>
> Brian Conway
> dogbert at clue4all.net
>
> -
> Subscription/unsubscription/info requests: send e-mail with
> "subscribe", "unsubscribe", or "info" on the first line of the
> message body to discuss-request at blu.org (Subject line is ignored).