Slashdot Mirror


Fighting Claims That Open Source Is Insecure?

Lumpy asks: "Lately there has been a HUGE push by Certified Microsoft Professionals and their companies to call clients and warn them of the dangers of open source. This week I received calls from 4 different customers saying that they were warned that they are dangerously insecure because they run open source operating systems or software, because 'anyone can read the code and hack you with ease,' they are being told. Other colleagues in the area also have noticed this: about 3 Microsoft Partners, or so they claim, have been going out of their way to strike fear of OSS in companies that respond with 'yes, we use open source or Linux' when the sales call comes in. I know this is simply a sales tactic by these companies that will remain nameless, but how do I fix the damage caused by these sales tactics? I have several customers that now want more than my word about the security of the systems that have worked for them flawlessly for over 5-6 years now with minimal expense outside of upgrades and patching for security. Does anyone have a good plan or sources of reliable information that can be used to inform the customer?"

2 of 84 comments

  1. Re:Security through obscurity is no security at al by KermodeBear · · Score: 3, Insightful

    You can also make an analogy to government using the parent's ideas. Would you rather have an open, transparent government where you can inspect each and every process or would you rather have a closed, secretive government where anything can happen without your knowledge?

    --
    Love sees no species.
  2. Re:Security through obscurity is no security at al by turbidostato · · Score: 3, Insightful

    "Ask your customer a simple question in reply:
    Does the fact that closed source software hides its defects mean that it doesn't have any defects?"

    To attain exactly, what?
    Just to follow your argument, here comes the obvious answer to your "counter-question":

    Of course closed software has its defects. But then, its defects are hidden, aren't they? So they are obviously more difficult to exploit, and I prefer to have software whose defects are difficult to exploit rather than software that is easy to exploit. I'm questioning my confidence in your ability to get things done if I have to explain such an obvious thing to you!

    "Would you rather be at the mercy of your vendors to disclose (against their own self-interest) and fix security issues (on their own timetable); or would you rather have a multitude of people, who are dedicated to the values of openness and transparency, constantly striving to keep open source software as secure as possible?"

    Hummm... at the end of the day, a USA corporation may be held legally liable. Do you really expect me to try to recover damages from a stinky teenager deep in Soviet Russia (where teenagers stink you) that happened to develop some seemingly cute software in his spare time?

    No, the answer has already been given. If they really are paying attention to such stupid arguments as those from 'M$ drones', they are ignorant about these issues, and the best course of action is to enlighten them in such a way that they can understand:

    Look at IBM: they extensively use open source and it seems they are not going into bankruptcy anytime soon.
    Look at Google: they critically use open source, they have an astounding computer base all around the globe, and still it doesn't seem like they are hacked every day, does it?

    You can ask a question *then*:
    Look at IBM or at Google, or at almost every Fortune 100 out there; they do well using open source. Don't you find it suspicious that the only ones pestering about open source are companies (Microsoft and its VARs) that *would* go bankrupt if open source took the computer world for a raid?