Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenOffice.org Security 'Insufficient'

Posted by ryuzaki0 on from the taunting-crowds dept.

InfoWorldMike writes "IDG News Service's Robert McMillan reports that researchers at French Ministry of Defense say vulnerabilities with open source office suite OpenOffice.org may rival those of Microsoft's version. With Microsoft's Office suite now being targeted by hackers, researchers at the French Ministry of Defense say users of the OpenOffice.org software may be at even greater risk from computer viruses. "The general security of OpenOffice is insufficient," the researchers wrote in a paper entitled In-depth analysis of the viral threats with OpenOffice.org documents. "This suite is up to now still vulnerable to many potential malware attacks," they wrote. The OpenOffice.org team has already fixed a software bug discovered by the researchers, and the two groups are in discussions about how to improve the overall security of the software. "The one real flaw in the programming logic has been fixed," said Louis Suarez-Potts, an OpenOffice.org community manager. "The others are theoretical.""

3 of 184 comments (clear)

  1. "theoretical" by dmiller · · Score: 5, Insightful

    It is disappointing to see a free software project dismissing threats as "theoretical". Today's "theoretical" vulnerabilities are tomorrow's exploits. Worse, the article hints that these threats are fundamental design flaws - the developers should be working to fix these and not issuing PR speak to cover them.

  2. Many eyes at work. Sounds like a + not - by MCRocker · · Score: 5, Insightful

    This sounds like a strength of the open source model. Many eyes can include security auditors too. The weaknesses get reported and fixed.

    The closed source model doesn't offer the same level of opportunity to find flaws. Even when people do find flaws in closed source products the publishers are as likely to bury the report, deny the flaw it exists or use DMCA to sue the people who disclose the problems.

    Chalk this up as a win for the open source model... at least for large high visibility projects like Open Office.

    --
    Signatures are a waste of bandwi (buffering...)
  3. What makes them think MS Office isn't vulnerable? by foreverdisillusioned · · Score: 5, Insightful

    I'm assuming that the vast majority of these alleged vulnerabilities came about as a result of them examining the source code. Since Microsoft Office is closed source, it may have just as many potential exploits or more. The difference is OO.o's vulnerabilities are known and thus can be guarded against or even patched by a third party. MS Office's potential exploits are unknown and thus may be released as zero-day exploits, and even when they are known we're at the mercy of MS to release a timely and effective patch.

    I fail to see how this is a black mark against OpenOffice.org.