Re: [FYI] MS: "Closed source is more secure"
- To: debate@fitug.de
- Subject: Re: [FYI] MS: "Closed source is more secure"
- From: dietz@rotfl.franken.de
- Date: Fri, 13 Apr 2001 15:56:48 +0200
- Comment: This message comes from the debate mailing list.
- In-Reply-To: <3AD6F2A8.18157.152221@localhost>; from horns@ipjur.com on Fri, Apr 13, 2001 at 12:35:52PM +0200
- References: <3AD6F2A8.18157.152221@localhost>
- Sender: owner-debate@fitug.de
- User-Agent: Mutt/1.3.17i
On Fri, Apr 13, 2001 at 12:35:52PM +0200, Axel H Horns wrote:
> The head of Microsoft's security response team argued here Thursday
> that closed source software is more secure than open source projects,
> in part because nobody's reviewing open source code for security
> flaws.
He is lying. In many cases the reviews are even public. Besides,
nobody prevents companies from reviewing open-source products
themselves.
> "Review is boring and time consuming, and it's hard," said Steve
He forgot to add that this requires competent people
and no "until Monday".
> Lipner, manager of Microsoft's security response center. "Simply
> putting the source code out there and telling folks 'here it is'
> doesn't provide any assurance or degree of likelihood that the review
> will occur."
Hopefully he does not mean to imply that any further-reaching
guarantees of any kind are given for closed source.
> Lipner closed by warning that the nature of open source development
> may lend itself to abuse by malicious coders, who could devilishly
Which (apart from the smaller group of people) also applies to
closed source.
> clever 'trapdoors' in the code that escapes detection, hidden in
> plain sight.
Which is still better than "clever 'trapdoors'" that exist only
in binary form.
Dietz