Firewall Wizards mailing list archives
Re: tunnel vs open a hole
From: Joseph S D Yao <jsdy () center osis gov>
Date: Tue, 15 Apr 2003 11:25:39 -0400
On Tue, Apr 15, 2003 at 10:06:02AM -0400, Marcus J. Ranum wrote:
Sloane, David wrote:I was just about to ignore this ever-expanding thread when this post from Mr. Ranum caught my attention. Every aspect of the problem is addressed by open-source software development.Spoken like a true believer... _BUT_ -- if open source is the solution, why do we still have the problem? mjr.
Open source is not the solution, but just another model. Two big holes: (a) it is not the only game in town, so people might NOT buy into it [and all too many don't, for the wrong reasons]; and (b) the only incentive to "get it right" in the majority of the projects where the programmers are not paid, is the pride of getting it right. While for many this should be enough, there are no funds for educating the programmers HOW to get it right, and so many holes can be overlooked. Plus, it depends solely on the project co-ordinator how much effort is put into reviewing the code for problems BEFORE a release. Witness the fact that [after being out there so many years] we are starting to see such an increase in reported exploitable [not necessarily exploited] flaws in open-source code. -- Joe Yao jsdy () center osis gov - Joseph S. D. Yao OSIS Center Systems Support EMT-B ----------------------------------------------------------------------- This message is not an official statement of OSIS Center policies. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: tunnel vs open a hole, (continued)
- Re: tunnel vs open a hole Marcus J. Ranum (Apr 11)
- Re: tunnel vs open a hole Steven M. Bellovin (Apr 11)
- Re: tunnel vs open a hole Crispin Cowan (Apr 11)
- Re: tunnel vs open a hole Mark Gumennik (Apr 10)
- Re: tunnel vs open a hole Joseph S D Yao (Apr 10)
- RE: tunnel vs open a hole Behm, Jeffrey L. (Apr 10)
- Re: tunnel vs open a hole Dana Nowell (Apr 11)
- Re: tunnel vs open a hole Magosányi Árpád (Apr 15)
- RE: tunnel vs open a hole Sloane, David (Apr 15)
- RE: tunnel vs open a hole Marcus J. Ranum (Apr 15)
- Re: tunnel vs open a hole Joseph S D Yao (Apr 15)
- RE: tunnel vs open a hole Marcus J. Ranum (Apr 15)
- RE: tunnel vs open a hole Bowden, Kevin (Apr 15)
- RE: tunnel vs open a hole David Lang (Apr 15)
- Re: tunnel vs open a hole Julian Gomez (Apr 16)
- Re: tunnel vs open a hole Joseph S D Yao (Apr 16)
- RE: tunnel vs open a hole David Lang (Apr 15)
- RE: tunnel vs open a hole Sloane, David (Apr 16)