How To Argue That Open Source Software Is Secure?
Smidge207 writes "Lately there has been a huge push by Certified Microsoft Professionals and their companies to call (potential) clients and warn them of the dangers of open source. This week I received calls from four different customers saying that they were warned that they are dangerously insecure because they run open source operating systems or software, because 'anyone can read the code and hack you with ease.' Other colleagues in the area also have noticed that three local Microsoft Partners have been trying to strike fear in the minds of companies that respond, 'Yes, we use open source or Linux' when the sales call comes in. I know this is simply a sales tactic by these companies, but how do I fix the damage these tactics cause? I have several customers who now want more than my word about the security of systems that have worked for them flawlessly for 5-6 years, with minimal expense outside of upgrades and patching for security. Does anyone have a good plan or sources of reliable information that can be used to inform the customer?"
> Never understood why people didn't like KDawson
Mod up
- /. has been taking $$ from MS for some time now...funny how that works.
Actually, if you compare, say, IIS's track record to Apache's over the last 6 years, Apache looks pretty bad...
Yeah, 'cause we all install SE Linux on our servers and desktops...
You're a fucking idiot, as are the people that modded you up.
Yes, such amazing quality control that led to this problem, where "a Debian packager modified the source code of OpenSSL back in 2006 so as to remove the seeding of OpenSSL random number generator, which in turns makes cryptographic key material generated on a Debian system guessable".
While I would like to agree that Open Source allows for greater auditing of the software, it has been proven incorrect.
Read the paper, Reflections on Trusting Trust, here or the PDF here.
The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code.
Just ping it a bunch and say it's secure because it didn't pong you with the admin password.
"Most people, I think, don't even know what a rootkit is, so why should they care about it?"