
Re: [FYI] MS: "Closed source is more secure"



On Fri, Apr 13, 2001 at 12:35:52PM +0200, Axel H Horns wrote:

> The head of Microsoft's security response team argued here Thursday 
> that closed source software is more secure than open source projects, 
> in part because nobody's reviewing open source code for security 
> flaws.  

He is lying. In many cases the reviews are even public. Besides,
nobody prevents companies from reviewing open source products
themselves.

> "Review is boring and time consuming, and it's hard," said Steve

He forgot to add that this requires competent people
and no "until Monday".
 
> Lipner, manager of Microsoft's security response center. "Simply 
> putting the source code out there and telling folks 'here it is' 
> doesn't provide any assurance or degree of likelihood that the review 
> will occur."  

Hopefully he does not mean to imply that any further-reaching
guarantees of any kind are given for closed source.

> Lipner closed by warning that the nature of open source development 
> may lend itself to abuse by malicious coders, who could devilishly 

Which (apart from the smaller circle of people) also applies to
closed source.

> clever 'trapdoors' in the code that escapes detection, hidden in 
> plain sight.  

Which is still better than "clever 'trapdoors'" that exist only in
binary form.

Dietz