[aklug] Re: Found this

From: Royce Williams <royce@alaska.net>
Date: Sat Sep 11 2010 - 10:39:43 AKDT

Christopher Howard said, on 09/11/2010 09:35 AM:
> The second point carries a lot more weight, in my opinion. This is a
> fundamental difference in viewpoint: in the ideal Microsoft universe,
> everybody runs the same software on the same OS; in the open source
> universe, there are a lot of different OSes, OS variants, and software
> implementations, but we all communicate with the same protocols and
> interface with the same open standards. So the open-source world is more
> secure, because the virus or worm meets a different implementation and
> configuration at each step of its propagation.

Agreed -- it's "technodiversity" - like biodiversity.

Interestingly, a successful cross-platform attack can tap into something
that all implementations share - the underlying standards and their
assumptions. Spam is an example of a broad-based attack on an
infrastructure with a deep design flaw (not taking into account human
greed and gullibility). This is why it's so important for the standards
themselves to be open and extensible (like the RFC process) ... but even
then, the need for downward compatibility can make it take a long time
to fix a problem.

> If it was my company on the line, I would want to be able to
> look over every bloody line of source code in the whole system, and
> compile it myself.

You mean, like Arthur? (/me ducks and runs). Seriously, though - some
companies would rather make the short-term decision to transfer the risk
than pay a higher price, but get the long-term benefits of truly
*understanding* the risk and its mitigations. Companies like Google
have clearly benefited from doing the latter.

Royce
---------
Received on Sat Sep 11 10:39:48 2010

This archive was generated by hypermail 2.1.8 : Sat Sep 11 2010 - 10:39:48 AKDT