Doug Stewart on 24 May 2011 12:32:06 -0700
Re: [PLUG] Microsoft's many eyes?
On Tue, May 24, 2011 at 3:21 PM, Chaz Meyers <plug@thechaz.net> wrote:

> Asking whether Linux is more secure than Windows is a much more reasonable
> question than whether open source software is categorically more secure than
> closed source software.
>
> The former would still be tricky to prove. What's your metric for security?
> Is it the number of discovered exploitable bugs, perhaps weighted by how
> long the bug was out in the world with no fix available? "Windows" includes
> a lot more than a kernel, so are we just counting kernel exploits or do we
> get to count bugs in X11, GNOME, xft, Firefox, and other software to make it
> a fair apples-to-apples comparison? Each of those subjective questions would
> have to be answered by anyone doing the sort of analysis you describe and
> could bias the conclusions reached.
>
> The latter question, I think, would be far more difficult to answer because
> of how much variation there is between different projects. If I publish
> horrible code that no one reads or uses, does that count against FOSS? Does
> an exploit in vim hold as much weight as one in OpenSSL? Is it fair to
> compare IE6 in 2005 to Firefox in 2005 even though IE6 was for all intents
> and purposes an abandoned project at that point? If so, can we compare
> abandoned OSS projects to closed source projects? If you can prove Firefox
> has more brilliant people reading code than IE and IE has more brilliant
> people reading code than Konqueror, what does that say about FOSS vs closed
> source and who attracts the most eyes?
>
> I'm not sure there are enough projects out there that are similar enough in
> terms of functionality, manpower, and relevance to do an impartial analysis
> that generalizes over all software. I imagine the result of any such effort
> would end up being highly anecdotal.
> - Chaz Meyers
>
>

When talking about operating systems, I think the more relevant/informative question is "Are OSes that were designed from the ground-up to be multi-user systems with tiered access controls (e.g. BSD and SysV UNIX variants) more secure than those still relying upon multi-user capabilities bolted onto previously single-user-metaphor systems (e.g. Windows and, errrr... Windows?)?"

The answer to that is "uncategorically 'yes'", IMNSHO.

--
-Doug

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug