Dailydave mailing list archives
Open Source Not Exploited More Often.
From: dave <dave () immunityinc com>
Date: Tue, 08 Jun 2010 10:07:51 -0400
From: http://www.technologyreview.com/computing/25480/page1/

"""
Open-Source Could Mean an Open Door for Hackers
A new analysis suggests that attackers exploit open-source software flaws faster and more effectively.
"""

I wanted to point out a couple of things about Sam Ransbotham's paper (http://weis2010.econinfosec.org/papers/session6/weis2010_ransbotham.pdf). There's no reason to draw the kind of conclusions he drew without a lot more analysis, and I have reason to believe better analysis would end up contradicting his conclusions.

Here are a couple of real-world factors that, in my opinion, invalidate the analysis:

1. PHP - based on the data, as I understand it, one WordPress bug that is widely exploited can tilt the balance of the whole study.

2. Microsoft Tuesday - when vulnerabilities are bundled into one patch or patch-set, attackers only have an incentive to build one exploit for one vulnerability. The Open Source vendors release "as we find/fix them" as opposed to "all at once", which would drastically shift the results to make it look like Open Source is more exploited, imho.

Likewise, the paper ignores 0day and is based on a set of events from an IDS, which makes it hard to avoid wondering about massive data-set skew. But even within that dataset, I think better analysis would come to completely different conclusions.

Thanks,
Dave Aitel
Immunity, Inc.
Current thread:
- Open Source Not Exploited More Often. dave (Jun 08)
- Re: Open Source Not Exploited More Often. Jonathan Cran (Jun 08)