Security of Open vs. Closed Source Software
morhoj writes "Cambridge University researcher Ross Anderson just released a paper concluding that open source and closed source software are equally secure. Can't find a copy of the paper online yet, but I thought this would make for an interesting morning conversation. You may not agree with him, but anyone who's on the BugTraq List can tell you that open source software isn't as bug free as we would all like to think." I found Anderson's paper, so read it for yourself. There are some other interesting papers being presented at the conference as well.
PDF sucks, here is HTML (Score:1, Informative)
Is there a real valid reason for this type of document to be in PDF form? Not to mention it is 122k vs 44k for HTML.
Re:HA HA HA HA (Score:3, Informative)
If he truly said this... Then the report is laughable.
It doesn't take long to verify, you know....
Acroread->Search->"Idealizing"
No occurences of 'Idealizing' were found in the document.
Conclusion: wherever that text comes from, it's not the paper being discussed. More luck next time.
(-1, Lazy) for not doing the search yourself
Re:Another viewpoint (Score:3, Informative)
Open source, with its ease of finding flaws, reduces this "true window" of exposure.
No, this is wrong.
Open Source INCREASES the window of exposure. With open source everybody, the good "examiner/reviewer" and the bad attacker, has the ability to find a flaw by analyzing source as soon as the source is released.
With closed source the attacker needs to analyze the assembly code or needs to drive black box attacks from the outside.
The "window of exposure" is in both cases the same, the flawed system has "a flaw" since it is installed and running somewhere and such it is open for an attack even if no one ever will know how to attack it.
If YOU like to distinguish between (hypothetical) window of exposure and true window of exposure you have to conclude that the true window of exposure is in OSS bigger.
angel'o'sphere
Windows operating systems re-configure themselves. (Score:3, Informative)
"... why do my Win2k installs slow down to a crawl after a few weeks..."
Windows operating systems re-configure themselves without telling the user. Bill believes he knows better than you.
I find bugs and insufficiencies in open source software. But generally open source software impresses me as an attempt to do a good job.
In contrast, Microsoft software seems just sloppy. For example, Microsoft's Internet Explorer has 18 unpatched security bugs [jscript.dk] (when this was written). These active security risks are different from the recent 15 that have already been fixed. This is sloppiness, not mistakes, and I don't find anything like it in the open source world.
In case the
By the way, when Windows becomes slow because it re-configured itself, try this: