Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!



Mitnick on OSS

KrispyKringle Re:Mitnick may be a smart guy, BUT... (286 comments)

I'm actually not a huge fan of Microsoft products, but I don't really see what my software preferences have to do with anything. My favorite OS is OSX, but it's also one of the least secure (in the sense not, perhaps, that I'm most likely to be pwned--the lack of popular use of my choice OS helps prevent that--but in the sense that Apple has among perhaps the worst security response procedures in software development today. I asked you for statistics simply because you made a claim without any evidence to back it up.

I was taking issue specifically with your statement, "but in reality, it's easier to crack a proprietary box." You have a good example above. You show some open source software that's more secure than some closed source software. And I agree; open source does not inherently make one less secure. But that's not what you said; what you said was that closed source is inherently less secure--which is equally false. For example, IIS6 had 2 vulnerabilities since 2004, while Apache2 had 30 vulnerabilities since 2002.

Whether the source is available is a factor, but it's far from the only factor in how secure a product is. For one thing, good fuzzing can be as or more effective than source code analysis, so despite what Mitnick says, having access to the source doesn't always mean a whole lot. But this doesn't mean that open source is more secure, either; the benefits of the open source model can just as easily be outweighed by the costs. Open source software does indeed have many eyes, but some projects don't have many good eyes (think PHPNuke).

And aside from questions of code quality from hobbyists and non-professionals (not to mention the lack of individual accountability), there's always the possibility of intentionally vulnerable patch submissions (this was attempted with Linux a while back; for all we know it's actually happened, too).

I never said Windows was more secure (not that your Secunia statistics close the book on that discussion), but it's just one example, anyway. Your assertion was universal--that open source is always more secure than proprietary solutions, which is just clearly an indefensible position.

The only people who actually believe that are zealots. This isn't about what model I prefer or what products I use. Politics--or religious zeal--are not anywhere near my mind when I'm writing code.

And I apologize if my "put up or shut up" phrase insulted you. I was recovering from shock at the unbelievable levels of stupidity in that thread. If you're not stupid, you don't deserve my ire.

more than 8 years ago


KrispyKringle hasn't submitted any stories.


KrispyKringle has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?