nanog mailing list archives
Re: Cisco crapaganda
From: "Steven J. Sobol" <sjsobol () JustThe net>
Date: Sat, 13 Aug 2005 15:02:08 -0400 (EDT)
On Sat, 13 Aug 2005, Dave Howe wrote:
Rich Kulawiec wrote:More bluntly: the closed-source, "faith-based" approach to security doesn't cut it. The attacks we're confronting are being launched (in many cases) by people who *already have the source code*, and who thus enjoy an enormous advantage over the defenders.
TBH though, usually the open source "faith based" approach to security doesn't cut it either. its easy to say "its open source, therefore anyone can check the code" but much harder to actually find someone who has taken the time to do it....
Depends on the project. Some OSS projects turn around enhancements and bug fixes, and fix vulnerabilities, quickly. Some don't. Some do some of the time, depending on the type of change. (For example, Mozilla is good about patching vulnerabilities quickly, but there's an Thunderbird enhancement almost 200 people voted for on Bugzilla, that people have been complaining about for months, that they've not done anything about.) -- Steve Sobol, Professional Geek 888-480-4638 PGP: 0xE3AE35ED Company website: http://JustThe.net/ Personal blog, resume, portfolio: http://SteveSobol.com/ E: sjsobol () JustThe net Snail: 22674 Motnocab Road, Apple Valley, CA 92307
Current thread:
- Cisco crapaganda J. Oquendo (Aug 09)
- Re: Cisco crapaganda James Baldwin (Aug 09)
- Re: Cisco crapaganda Michael . Dillon (Aug 09)
- Re: Cisco crapaganda Rich Kulawiec (Aug 12)
- Re: Cisco crapaganda Stephen J. Wilcox (Aug 12)
- Re: Cisco crapaganda Dave Howe (Aug 13)
- Re: Cisco crapaganda Steven J. Sobol (Aug 13)
- Re: Cisco crapaganda Rich Kulawiec (Aug 12)
- Re: Cisco crapaganda Dan Hollis (Aug 09)
- Re: Cisco crapaganda chuck goolsbee (Aug 09)
- <Possible follow-ups>
- Fwd: Cisco crapaganda James Baldwin (Aug 09)
- Re: Fwd: Cisco crapaganda Valdis . Kletnieks (Aug 09)
- Re: Cisco crapaganda James Baldwin (Aug 09)
- Re: Fwd: Cisco crapaganda Michael . Dillon (Aug 10)
- Re: Cisco crapaganda James Baldwin (Aug 10)
- Re: Cisco crapaganda Michael . Dillon (Aug 10)
- Re: Cisco crapaganda Robert E . Seastrom (Aug 10)
- Re: Cisco crapaganda Michael . Dillon (Aug 11)
- Re: Fwd: Cisco crapaganda Valdis . Kletnieks (Aug 09)