Slashdot Mirror


Corporations Getting Into The Open Source Spirit

Anonymous writes "Some bastions of capitalism are getting into the open-source spirit -- not only using the software, but contributing code fixes and other mods, according to an article in today's Computerworld."

3 of 181 comments

  1. Even Microsoft is getting in the spirit by aflat362 · · Score: 0, Redundant

    For those of you who haven't already heard: Microsoft's Linux distro

    --

    Conserve Oil, Recycle, Boycott Walmart

  2. Marx? by Anonymous Coward · · Score: 0, Redundant

    Some bastions of capitalism are getting into the open-source spirit

    Won't that destroy our vision of a Marxist, socialist revolution with OSS at the spearhead? No sir, capitalists using OSS is NOT a good thing.

  3. Pre-packaged Profile? by _Sprocket_ · · Score: 0, Redundant


    So you're going to create a database telling people exactly what software government agencies use and give them the code. Does anyone else see this as a security risk?


    Sure - there is a potential for additional risk with such a listing. However, there is not as much risk as it may initially appear to present.

    First off - the list may not be accurate. Software solutions and version numbers change - often faster than these kinds of lists update. An attacker will have to assume the list offers merely a starting point and will have to verify the information on their own.

    On that point - an attacker will be able to profile the environment with or without the list. Even an attacker who wishes to avoid too much attention could easily scan a potential target and still blend in to the background noise Government agencies deal with on their public-facing networks daily.

    Of course, that assumes the attacker is even going to bother profiling the target. The vast majority of attacks against Government and Corporate resources seem to be crimes of convenience, as it were. The target is attacked merely because it is there and vulnerable. There is no actual interest in the target itself (beyond perhaps the available resources or address space). These attacks quickly follow widespread scans. Attackers may even simply run exploits blindly against systems and dispense entirely with any form of intelligence gathering.

    And so there you are. The current environment involves blind attacks, random attackers, and the occasional intelligent attacker who will go to their own measures to profile your environment. One should already take measures to protect one's environment against this sort of daily exposure.

    Publishing basic software packages being used in an attempt to leverage knowledge and experience from the community and other organizations does little to expand this exposure. And it may very well present a much higher benefit than what little additional attention it attracts.