How To Argue That Open Source Software Is Secure?
Smidge207 writes "Lately there has been a huge push by Certified Microsoft Professionals and their companies to call (potential) clients and warn them of the dangers of open source. This week I received calls from four different customers saying that they were warned that they are dangerously insecure because they run open source operating systems or software, because 'anyone can read the code and hack you with ease.' Other colleagues in the area also have noticed that three local Microsoft Partners have been trying to strike fear in the minds of companies that respond, 'Yes, we use open source or Linux' when the sales call comes in. I know this is simply a sales tactic by these companies, but how do I fix the damage these tactics cause? I have several customers who now want more than my word about the security of systems that have worked for them flawlessly for 5-6 years, with minimal expense outside of upgrades and patching for security. Does anyone have a good plan or sources of reliable information that can be used to inform the customer?"
Not sure about customers, but... (Score:5, Funny)
I had a professor say that kind of thing in class once. He said that "Linux will never be as secure as Windows because it's open source. Anyone can see the source code and use it to hack your computers."
It was completely involuntary on my part, but I let out a loud, and I do mean LOUD, "WHAT?".
He turned and looked at me, I said "I'm sorry but that's not correct. Look at OpenBSD, it's open source too and there has been exactly one remote exploit in a default install in the past six years. Microsoft wishes that Windows had that kind of track record." He stammered and stuttered and then moved on with his lecture.
LK
Re:Point Out Their Records (Score:5, Funny)
For anybody too dense to get it, show them the YouTube clips of Gates & Seinfeld.
Re:There are lots of big names... (Score:2, Funny)
Sun, IBM, and several others are MAJOR contributors. Why would they contribute to something that's so insecure?
They are collaborating with alien life forms that are trying to weaken the technological infrastructure of Earth.
Why would Google spend millions of dollars every year to fund Summer of Code?
They are giving young people a bit of feel-good educational employment just like Jim Jones gave his followers free Kool-Aid.
Why would MySQL be one of the most popular RDBMS
Because people can't afford Microsoft SQL server.
Re:how to argue that closed source is secure? (Score:3, Funny)
When they report the flaws, do they get a red shirt as a reward?
Re:turn tables (Score:2, Funny)
Yes, yes I have.
Re:turn tables (Score:3, Funny)
I did...
there were no backdoors...
about 5 front doors, 2 sliding glass doors, 1 pocket door and 3 sets of French doors (ptooey!)... but no back doors were evident.
Re:buying the false argument (Score:1, Funny)
Offer your clients periodic penetration tests as a routine part of your service.
I tried that with my wife... not so good.
To Prove OSS Secure (Score:1, Funny)
If somebody asked me if OSS was secure, I'd just give them this link. Why didn't Smidge207 think of that?
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/WEwXU8vwEqE/article.pl [slashdot.org]
Re:Fight back (Score:4, Funny)
Of course they can do the same: "When OS is hacked who solves your problem? Some good samaritan? Who do you blame? Microsoft has a whole team of professional security experts who are standing by 24 hours a day...."
Allegory: Live testing of bullet-proof vests (Score:2, Funny)
Say you were given the task of live-testing bullet-proof vests from two manufacturers. One gives you full access to vest design, construction and material specs, the other tells you that you just have to trust him, the vest is safe. Which vest would you choose for the live-test?