Slashdot Mirror
Possible Cisco Source Code Theft
OmegaBlac writes "According to Ars Technica, a Russian security site is claiming that Cisco's corporate network was comprimised and about 800MB of Cisco's source code for IOS Operating System version 12.3 was stolen. I guess Cisco forgot to implement their own Self Defending Network solutions."
Whats the deal with that!?
if true, this could cause big problems not only for Cisco, but for the entire Internet. Cisco routers are responsible for routing much of the Internet's traffic, and the company has long practiced a policy of "security through obscurity."
We're all screwed.
-Imidazole2
One (of the many) problem(s) with the closed source business model is the fact that the entire company can depend on this intellectual property. The security surrounding that source has to be so huge that the problem quickly becomes intractable.
:P
:/
Open source however, by virtue of it being free (as in Iraq hehe), is worthless. Support contracts are alot harder to steal
Let's not forget that open source provides robust security (in principle) where as for closed source we can never be sure.
Why do we still use so much closed source stuff
Simon.
Don't touch it, don't see it, don't breathe near it, if you ever plan on contributing to linux.
Leaked code is very dangerous to open source software.
Surely that's only the case if being covered by software patents... which I think the general consensus in the Linux devlopment world is that's a Bad Thing(tm). Whether they will apply in Europe is still being discussed.
Copyright-protected code is obviously not allowed, but as long as there's a way of implementing the same thing in a different manner (always assuming that European s/w patents don't get ratified) I fail to see any issue in understanding how some other piece of software works.
The whole SCO debacle has done more than just piss everyone off, there's been a remarkable amount of reticence to learn from code that isn't Free. By that very logic authors shouldn't be allowed to read books and composers should be banned from listening to music.
--
This has been a scatterbrained post on behalf of the Poorly Thougt-out Argument Party
the layman's guide to computer science
Software is only secure when specific security tests are performed against it. Almost no one does much of this, or even understands it well. I doubt that in 1000 readers, more than 5 could recite the top 5, never mind the top 20 tests you must perform.
Open source is also not inherently better at security because of it must be peered reviewed. If the reviewer doesn't know what to check, then what is the point of the review?
Software must be security certified by professionals, whether open or otherwise.
Mike www.sharecube.com
How can the source code be stolen, when Cisco still has it?
How can you have identity theft if you are still you?
Phillip.
Property for sale in Nice, France
Good luck. Where I work we legally have access to Cisco IOS, although we're very strict and only a handful of engineers have the permissions to access it (me being one of them). The code is very clean and when I've browsed it looking to see if there's any exploits, I have thus far come up empty. The code does not look like the Microsoft code I've seen, which tends to be overly complex IMO. That's not to say we don't find bugs in Cisco's code, but generally it's very high quality.
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.