Slashdot Mirror


OpenSSL: the New Face of Technology Monoculture

chicksdaddy writes: "In a now-famous 2003 essay, 'Cyberinsecurity: The Cost of Monopoly,' Dr. Dan Geer argued, persuasively, that Microsoft's operating system monopoly constituted a grave risk to the security of the United States and international security, as well. It was in the interest of the U.S. government and others to break Redmond's monopoly, or at least to lessen Microsoft's ability to 'lock in' customers and limit choice. The essay cost Geer his job at the security consulting firm AtStake, which then counted Microsoft as a major customer. These days Geer is the Chief Security Officer at In-Q-Tel, the CIA's venture capital arm. But he's no less vigilant of the dangers of software monocultures. In a post at the Lawfare blog, Geer is again warning about the dangers that come from an over-reliance on common platforms and code. His concern this time isn't proprietary software managed by Redmond, however, it's common, oft-reused hardware and software packages like the OpenSSL software at the heart (pun intended) of Heartbleed. 'The critical infrastructure's monoculture question was once centered on Microsoft Windows,' he writes. 'No more. The critical infrastructure's monoculture problem, and hence its exposure to common mode risk, is now small devices and the chips which run them.'"

2 of 113 comments

  1. Re:OSS vs Reality by Anonymous Coward · Score: -1, Troll

    Still a damn sight better than proprietary vs reality.

  2. Let me tell you ALL, how it really is by Anonymous Coward · Score: -1, Troll

    Open "Sores" Shit Layer screwups = same as those spouted for years here of "Windows != Secure, Linux = Secure" since FINALLY, Linux (Android) is showing the truth of all that /. bullshit. All those "eyes on the code" didn't mean shit (considering most users of Linux don't code, it makes total sense it failed here too). Now, I think it's utterly hilarious you all have to eat your words on that one, lol! You all are either too stupid, or too young, to know that once something becomes the most used on any platform, it will also be the most attacked. Criminals are criminals. Online botnet masters/malware makers? No different. They don't target 'crowds of 1' & instead, go for the masses (crowded malls, streets, plus other thoroughfares where bigger numbers mean more victims).