Security Basics mailing list archives

Re: Why open source software is more secure


From: Adriel Desautels <adriel () netragard com>
Date: Thu, 08 May 2008 13:40:00 -0400

Greetings,
We recently did an "internal" study against closed source software and open source software. During the study we focused on security appliances, commonly used applications, and common web applications. The goal of the study was to identify which on average was more secure.

Open Source software won hands down. The reason why we believe that Open Source software came out on top is because it is exposed to the community and is scrutinized by talented developers around the world. The same cannot be said about closed source software. Closed source software is only scrutinized by the people who build it.

This is akin to network security. Companies are usually required to bring in third parties to assess their network. They can't effectively assess their own work, because it is their work.

There are many good software vendors that create fairly secure and well written products. Buying technology from those vendors means that you get their support. It also means that you have someone to fall back on if things don't go your way. It does not mean that you are getting the highest quality product though.

        Hope this made sense.



Regards,
        Adriel T. Desautels
        Chief Technology Officer
        Netragard, LLC.
        Office : 617-934-0269
        Mobile : 617-633-3821
        http://www.linkedin.com/pub/1/118/a45

        Join the Netragard, LLC. Linked In Group:
        http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know  : http://tinyurl.com/26pjsn


aliasghar.toraby () gmail com wrote:
sapran wrote:
The main goal of a software vendor is not to bring you a _good_
product, but to sell it to you. That is the only truth about that. That's
why the product might be fully featured, nicely decorated and
published on time: the vendor is economically motivated to make it
this way. But there's no sense in making it secure and stable, because
the only motive for this is liability, which does not exist in the software
industry.

There are two ways for things to become better. The first one is fully
described by Bruce Schneier in his "Secrets and Lies", the top book to
be read by all 'connected' folks. It is increasing liability to the
level of its presence in other industries, for ex. banking or plane
building. And there is another, more utopian one: to ignore the business
motives during the process of software development.

It may remind you of the methods of decreasing unemployment proposed
by Marx: to remove the market economy altogether. But this is a topic to be
thought out, I guess, so your comments are welcome.

What do you mean about security?
I think that policy gives a guarantee and security. And open source is a safe policy.
