Business Week: Linux' [Ramen] Bug Problem: Getting the Fixes Out
Jan 23, 2001, 16:26 (13 Talkback[s])
(Other stories by Alex Salkever)
"Targeted at an older version of Red Hat, Ramen hasn't caused any significant damage. And according to the federally funded Computer Emergency Response Team, fewer than 20 incidents of Ramen infection have been reported -- a minuscule number compared to the tens of thousands of reports CERT logged when the Melissa virus and Love Bug were epidemic. Furthermore, Linux security experts speculate that Ramen arose as a demonstration project without specific malicious intent."
"Still, the continuing spread of Ramen raises some serious questions about the ability of the open-source community to live up to its security boasts. Linux supporters have long claimed the transparent nature of open-source development produces more secure software and fixes bugs faster than proprietary companies such as Microsoft and Oracle do."
"Even if that's true, Linux will need to prove it can deliver this security to the growing mass of open-source converts who are not particularly tech-savvy and are accustomed to Microsoft-style one-click upgrades. Red Hat hustled out patches for the Ramen worm within weeks, but too many Red Hat users remain unprotected. "I think the community's response to the Ramen virus has been to the credit of open source. Where it breaks down is the last mile of getting that fix to the customer," says Ned Lilly, vice-president for hacker relations at open-source database concern Great Bridge."