Security Basics mailing list archives
RE: Why open source software is more secure
From: Craig Wright <Craig.Wright () bdo com au>
Date: Tue, 13 May 2008 18:33:50 +1000
Most secure software is not OSS. The few pieces of really secure code I have seen all belong to: A Military - specialist systems (missile guidance etc) that do not reflect most code B Selected Casino operations There is relatively secure or insecure code in all areas. There is little if any correlation to OSS or not. Some individuals write good code. Some of these write OSS, some write for vendors. Regards, Craig Wright GSE-Compliance -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Alexander Klimov Sent: Tuesday, 13 May 2008 12:44 AM To: security-basics () securityfocus com Subject: Re: Why open source software is more secure It is not clear what is "more secure". For example, if we define that software is secure if it has no exploitable bugs, then it is either secure or it is not. I suspect that there is only a small number of non-trivial secure software and all of them are happened to be OSS -- this is not because open process magically makes software secure, but because these specimens were written by security zealots. Why most of software is not secure? It is very simple to answer: because nobody really cares (even if they claim they do, "normal" people do not behave accordingly). Most of the users do not care and thus commercial software is not secure (by the way, according to EULA liability is usually limited to the price you pay to get the software); most of the developers are not security zealots and thus OSS software is not secure. -- Regards, ASK
Current thread:
- RE: Why open source software is more secure, (continued)
- RE: Why open source software is more secure Hayes, Ian (May 08)
- Re: Why open source software is more secure Chad Perrin (May 08)
- Re: Why open source software is more secure aliasghar.toraby () gmail com (May 08)
- Re: Why open source software is more secure Adriel Desautels (May 08)
- Re: Why open source software is more secure Ivan . (May 09)
- Re: Why open source software is more secure Alexander Klimov (May 12)
- RE: Why open source software is more secure Robinson, Sonja (May 12)
- RE: Why open source software is more secure Craig Wright (May 13)
- RE: Why open source software is more secure Hayes, Ian (May 13)
- Re: Why open source software is more secure Chad Perrin (May 13)
- RE: Why open source software is more secure Robinson, Sonja (May 12)
- RE: Why open source software is more secure Craig Wright (May 13)
- RE: Why open source software is more secure Murda Mcloud (May 09)
- RE: Why open source software is more secure Chuck Taylor (May 09)
- RE: Why open source software is more secure Nick Vaernhoej (May 09)