APLawrence.com - Resources for Unix and Linux Systems, Bloggers and the self-employed

Microsoft comments on security

© August 2003 Tony Lawrence
Fri Aug 29 14:58:31 GMT 2003

This article about Microsoft vs. Linux (link dead, sorry) is interesting in its own right, but a couple of paragraphs from Microsoft's position stand out for me:

"Additionally, security vulnerabilities in open-source software, which often go unnoticed with the limited scenarios that actually deploy open-source software, also often remain unaddressed for long periods of time because there is no central organisation driving development. Evaluating open-source software for security is a complex proposition.

"Open-source software is now a major source of security vulnerabilities. The Computer Emergency Response Team reported that open-source and Linux software accounted for 16 out of 29 security advisories for the first 10 months of 2002, whereas Microsoft accounted for seven of these 29 advisories."

That's the kind of argument you'd expect Microsoft to make, and the kind that worries me.

I would like to know why evaluating open source software for security is any more complex than evaluating Microsoft software. Certainly more eyes are available, and none of those eyes have to worry about political implications: I'm thinking of a case where fixing a security problem might cause expensive problems for other software. The open source folks wouldn't worry about that at all, but Microsoft certainly would, and might very well delay the fix because of it.

I'd also question the statistics for vulnerabilities. Again, a lot more eyes are looking for problems in open source code, and it's also a matter of record that Microsoft doesn't report problems until their hand is forced. So how valuable are these numbers?

Finally, what about the severity of the vulnerability? Many of these advisories are for obscure situations that may not even apply to commonly used software. On the other hand, Microsoft often gets sucker punched: just two days ago, for example, there were new Internet Explorer vulnerabilities serious enough to do real damage.
