Openness and Security on Campus
djeaux writes "The April issue of Syllabus includes an interview with Jeff Schiller, Network Manager at MIT, about openness and security in academic computing. Schiller has some interesting things to say about product liability for software, including an out for open source software, and boils security down to a simple maxim: You must install patches. He also says that what makes security hard is that it's a 'negative deliverable.'"
The canonical example is Windows NT Service Pack 6, which broke Lotus Notes (both server and client). Note (ha ha) that Notes had at that time both the largest market share and by far the largest installed base of any corporate e-mail system. Microsoft denied the problem for about 6 weeks, then suddenly released SP6a with no explanation.
That's the worst I know of (since it was marked a security release, and since it affected so many sites), but I have certainly run across others.
And while I agree Microsoft can't test _every_ 3rd party app out there, I do think that, given their 96% desktop market share (at that time; closer to 99% today), they have a responsibility to test the leading apps of the leading functions, whether or not they are Microsoft's. Novell certainly used to do that.
sPh