Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Cisco crapaganda

  • From: Steven J. Sobol
  • Date: Sat Aug 13 15:04:59 2005

On Sat, 13 Aug 2005, Dave Howe wrote:

> 
> Rich Kulawiec wrote:
> > More bluntly: the closed-source, "faith-based" approach to security
> > doesn't cut it.  The attacks we're confronting are being launched
> > (in many cases) by people who *already have the source code*, and
> > who thus enjoy an enormous advantage over the defenders.

> TBH though, usually the open source "faith based" approach to security
> doesn't cut it either. its easy to say "its open source, therefore
> anyone can check the code" but much harder to actually find someone who
> has taken the time to do it....
 
Depends on the project.

Some OSS projects turn around enhancements and bug fixes, and fix 
vulnerabilities, quickly. Some don't. Some do some of the time, depending 
on the type of change. (For example, Mozilla is good about patching 
vulnerabilities quickly, but there's an Thunderbird enhancement almost 200 
people voted for on Bugzilla, that people have been complaining about for 
months, that they've not done anything about.)

-- 
Steve Sobol, Professional Geek   888-480-4638   PGP: 0xE3AE35ED
Company website: http://JustThe.net/
Personal blog, resume, portfolio: http://SteveSobol.com/
E: sjsobol@JustThe.net Snail: 22674 Motnocab Road, Apple Valley, CA 92307






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.