Full Disclosure mailing list archives

Re: aside: worm vs. worm?


From: Darren Reed <avalon () caligula anu edu au>
Date: Wed, 13 Aug 2003 06:45:45 +1000 (Australia/ACT)

In some mail from security snot, sie said:

> Darren,
>
> Had this worm been directed at any opensource vendor, would you feel the
> same?  If the Snort worm had been designed to launch attacks against
> SourceFire, are you telling me you wouldn't bitch about the mean kids
> picking on Marty and Brian?

I don't think the situation is in any way comparable to what you're
trying to paint.

People who do opensource rarely get compensation for their work that
is used as opensource, and this generally leads to them not being
large money-making monopolies with billions in the bank, and on top of
that, as opensource is generally free, the term "you get what you pay
for" comes to mind.

In case you're wondering, I'm deliberately not answering the direct
question you asked because I don't believe it's relevant and that if
you actually comprehended and understood the position my original
email was making, you wouldn't need to ask it in the first place.

Now that I think of it, I don't think that anyone has ever raised the
question of whether the price of Windows software is commensurate with the
level of security you get.  Bear in mind that the severity of incidents
with Microsoft products is amplified by their prevalence on the Internet.

If there was a choice between two Microsoft products, one was $20,000
and the other was $200 where the difference was (say) the $20,000 one
didn't have bugs like this RPC DCOM problem (for whatever reason),
which one would people buy?  Let's assume, for argument's sake, that the
$20,000 one is 100 times better in terms of reliability and security but
otherwise all your games/office apps function the same.

Darren
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

