[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FYI] MS: "Closed source is more secure"
- To: debate@fitug.de
- Subject: [FYI] MS: "Closed source is more secure"
- From: "Axel H Horns" <horns@ipjur.com>
- Date: Fri, 13 Apr 2001 12:35:52 +0200
- Comment: This message comes from the debate mailing list.
- Organization: NONE
- Sender: owner-debate@fitug.de
http://www.theregister.co.uk/content/8/18286.html
------------------------------- CUT -------------------------------
Closed source is more secure -- MS
By: Kevin Poulsen
Posted: 13/04/2001 at 08:27 GMT
The head of Microsoft's security response team argued here Thursday
that closed source software is more secure than open source projects,
in part because nobody's reviewing open source code for security
flaws.
"Review is boring and time consuming, and it's hard," said Steve
Lipner, manager of Microsoft's security response center. "Simply
putting the source code out there and telling folks 'here it is'
doesn't provide any assurance or degree of likelihood that the review
will occur."
The comments, delivered at the 2001 RSA Conference, were a challenge
to one of the tenets of open source, that 'with many eyes, all bugs
are shallow.'
[...]
Lipner closed by warning that the nature of open source development
may lend itself to abuse by malicious coders, who could devilishly
clever 'trapdoors' in the code that escapes detection, hidden in
plain sight.
[...]
------------------------------- CUT -------------------------------