Full Disclosure mailing list archives
RE: [inbox] Re: RE: Linux (in)security
From: Michal Zalewski <lcamtuf () ghettot org>
Date: Thu, 23 Oct 2003 21:48:15 +0200 (CEST)
On Thu, 23 Oct 2003, Curt Purdy wrote:

> This is the reason open-source is inherently more secure.

Oh please. Count Apache bugs this year. Compare to IIS in the same period. There's nothing inherent to any of the development models. There are good developers and bad developers on both sides. There are projects and/or components that are more secure, and ones that are less secure. Finding bugs in closed source is trivial, and so is finding them in open source - protocols are usually well-documented or easy to rev-eng, and very few vulnerabilities both in CS and OS result from thorough source code audits, as opposed to just brute force, fuzz, "what ifs" or dumb luck. Closed source bugs, if you look at them, are often equally complex and nontrivial as OS bugs, suggesting there is no real problem with testing CS code.

> First, people can actually audit it for security (you think IBM recommended Linux without going over every single line of code?)

Yes. That said, from now on, we are on a crash course to a pointless flame war; I'm going to shut up now.

--
------------------------- bash$ :(){ :|:&};: --
Michal Zalewski * [http://lcamtuf.coredump.cx]
Did you know that clones never use mirrors?
--------------------------- 2003-10-23 21:39 --
http://lcamtuf.coredump.cx/photo/current/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html