Security Basics mailing list archives
RE: Why open source software is more secure
From: "Hayes, Ian" <ihayes () nvcancer org>
Date: Tue, 13 May 2008 10:29:54 -0700
In addition, the recent announcements from Debian and Ubuntu sort of help throw out the idea that open source is inherently "more secure". According to the Debian Security Advisory, a Debian package manager introduced a fault into the OpenSSL package for Debian in 2006 and has persisted until now. -- Ian Hayes Systems Engineer Nevada Cancer Institute Office:(702) 822-5156 email: ihayes () nvcancer org http://www.nevadacancerinstitute.org
-----Original Message----- From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]
On Behalf Of Craig Wright Sent: Tuesday, May 13, 2008 1:40 AM To: 'Robinson, Sonja'; Alexander Klimov;
security-basics () securityfocus com
Subject: RE: Why open source software is more secure OSS hides through obscurity in some ways. It is rare for all lines to
be
checked by all users. So obscurity by volume. So obscurity by volume. Using Olly and IDA to reverse Microsoft products is a pastime for many people and I see more people checking Microsoft products then some
obscure
OSS with source. There is more bang for the proverbial in reversing
closed
source code from a major vendor. The bugs pay more than for an obscure OSS. The arguments assume that OSS with source is the only way to check
code. I
have seen a good deal of Microsoft code that has been reconstructed
from
reversing tools. Regards, Craig Wright (GSE-Compliance)
-------------------------------------------------------------------------- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential, proprietary, and/or privileged information protected by law. If you are not the intended recipient, you may not use, copy, or distribute this e-mail message or its attachments. If you believe you have received this e-mail message in error, please contact the sender by reply e-mail and destroy all copies of the original message
Current thread:
- Re: Why open source software is more secure, (continued)
- Re: Why open source software is more secure Chad Perrin (May 08)
- RE: Why open source software is more secure David Harley (May 08)
- RE: Why open source software is more secure Hayes, Ian (May 08)
- Re: Why open source software is more secure Chad Perrin (May 08)
- Re: Why open source software is more secure aliasghar.toraby () gmail com (May 08)
- Re: Why open source software is more secure Adriel Desautels (May 08)
- Re: Why open source software is more secure Ivan . (May 09)
- Re: Why open source software is more secure Alexander Klimov (May 12)
- RE: Why open source software is more secure Robinson, Sonja (May 12)
- RE: Why open source software is more secure Craig Wright (May 13)
- RE: Why open source software is more secure Hayes, Ian (May 13)
- Re: Why open source software is more secure Chad Perrin (May 13)
- RE: Why open source software is more secure Robinson, Sonja (May 12)
- RE: Why open source software is more secure Craig Wright (May 13)
- RE: Why open source software is more secure Murda Mcloud (May 09)
- RE: Why open source software is more secure Chuck Taylor (May 09)
- RE: Why open source software is more secure Nick Vaernhoej (May 09)