Slashdot Mirror


Security of Open vs. Closed Source Software

morhoj writes "Cambridge University researcher Ross Anderson just released a paper concluding that open source and closed source software are equally secure. Can't find a copy of the paper online yet, but I thought this would make for an interesting morning conversation. You may not agree with him, but anyone who's on the BugTraq List can tell you that open source software isn't as bug free as we would all like to think." I found Anderson's paper, so read it for yourself. There are some other interesting papers being presented at the conference as well.

4 of 349 comments

  1. PDF sucks, here is HTML by Squash · · Score: 1, Informative

    I hate PDF files, so I converted the paper to html, and posted it Here.

    Is there a real valid reason for this type of document to be in PDF form? Not to mention it is 122k vs 44k for HTML.

    --
    Squash
  2. Re:HA HA HA HA by ishark · · Score: 3, Informative

    Idealizing the problem, [....]

    If he truly said this... Then the report is laughable.

    It doesn't take long to verify, you know....

    Acroread->Search->"Idealizing"

    No occurences of 'Idealizing' were found in the document.

    Conclusion: wherever that text comes from, it's not the paper being discussed. More luck next time.

    (-1, Lazy) for not doing the search yourself :)

  3. Re:Another viewpoint by angel'o'sphere · · Score: 3, Informative


    Open source, with its ease of finding flaws, reduces this "true window" of exposure.


    No, this is wrong.

    Open Source INCREASES the window of exposure. With open source everybody, the good "examiner/reviewer" and the bad attacker, has the ability to find a flaw by analyzing source as soon as the source is released.

    With closed source the attacker needs to analyze the assembly code or needs to drive black box attacks from the outside.

    The "window of exposure" is in both cases the same, the flawed system has "a flaw" since it is installed and running somewhere and as such it is open for an attack even if no one ever will know how to attack it.

    If YOU like to distinguish between (hypothetical) window of exposure and true window of exposure you have to conclude that the true window of exposure is in OSS bigger.

    angel'o'sphere

    --
    Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
  4. Windows operating systems re-configure themselves. by Futurepower(R) · · Score: 3, Informative

    "... why do my Win2k installs slow down to a crawl after a few weeks..."

    Windows operating systems re-configure themselves without telling the user. Bill believes he knows better than you.

    I find bugs and insufficiencies in open source software. But generally open source software impresses me as an attempt to do a good job.

    In contrast, Microsoft software seems just sloppy. For example, Microsoft's Internet Explorer has 18 unpatched security bugs (when this was written). These active security risks are different from the recent 15 that have already been fixed. This is sloppiness, not mistakes, and I don't find anything like it in the open source world.

    In case the .PDF article is slashdotted: It is nonsense, written by someone trying to seem well-educated. If you do read it, don't let the math intimidate you, the math is utter nonsense.

    By the way, when Windows becomes slow because it re-configured itself, try this:
    1. Install the latest Windows service packs and patches.
    2. Re-install the latest chipset drivers.
    3. Re-install Microsoft DirectX 8.1 or higher.
    4. Re-install the motherboard manufacturer's ATA storage driver.
    5. You probably won't need to re-install other device drivers, but this is the time to do it.