Full Disclosure mailing list archives

Re: Microsoft prepares security assault on Linux


From: "Charles E. Hill" <chill () herber-hill com>
Date: Wed, 12 Nov 2003 16:15:14 -0800 (PST)

<snip>

2. A commercial company providing with liability (and responsibility)
for the software you use (in other words - someone to blame).

What commercial software company actually offers guarantees and some form
of liability?  I've *never* heard of anyone successfully suing MS or
Oracle or anyone else for their software screwing up.  SAYING you can
blame Microsoft is one thing -- doing it (other than pointing fingers) is
another.

3. No source available for people to examine, thus making it, to a
level, harder to locate security "holes" - for outsiders in any case.

       Gadi Evron (i.e. ge),
       ge () linuxbox org.


You mean like the backdoor inserted -- by company programmers -- into
Borland's/Inprise's Interbase database?  The one that wasn't discovered
until the program was open sourced - several YEARS later?  Yes, it had
been exploited for YEARS by the hacking community.

Putting it bluntly, auditing takes time and skill.  Closed source
companies' main priority is NOT stability and security, but "good enough"
so they can sell more software.  Dedicating programmers to do nothing but
fix bugs is a waste of company resources, after that "good enough" line is
crossed.

At least with open source I have the option of either fixing little bugs
myself, or paying someone to do it.  With closed source, my business is at
the mercy of the software company.

Charles E. Hill
Senior Partner
Herber-Hill LLC

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

