SecurityFocus.com: Redmond's security response chief warns RSA Conf. of the perils of open source.
Apr 13, 2001, 13:45 (39 Talkback[s])
(Other stories by Kevin Poulsen)
WEBINAR: On-demand Event
Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >
[ Thanks to Steen
Kroyer for this link. ]
"The head of Microsoft's security response team argued here
Thursday that closed source software is more secure than open
source projects, in part because nobody's reviewing open source
code for security flaws."
"Review is boring and time consuming, and it's hard," said Steve
Lipner, manager of Microsoft's security response center. "Simply
putting the source code out there and telling folks 'here it is'
doesn't provide any assurance or degree of likelihood that the
review will occur."
"The comments, delivered at the 2001 RSA Conference, were a
challenge to one of the tenets of open source, that 'with many
eyes, all bugs are shallow.'"
- Moongroup.com: Microsoft should be feared and despised!
(Apr 03, 2001)
- IBM developerWorks: The security implications of open source software(Mar 31, 2001)
- Information Security Magazine: Open-Source Security - Open Source Under The Hood(Mar 25, 2001)
- The Register: Microsoft struts into Net security market; Would you buy a firewall from Bill?(Feb 19, 2001)
- BBspot.com: Microsoft builds most secure server [Humor](Feb 17, 2001)
- EarthWeb: Thoughts on Java and Open Source Security(Feb 04, 2001)
- Dr. Dobbs' Journal: A Roundtable on BSD, Security, and Quality
(Jan 07, 2001)
- Linux.com: Cyber Attacks Prove Costly; 4 Security Experts Managing Major Open Source Sites Discuss(Jan 04, 2001)
- ComputerWorld: Think tank warns that Microsoft hack could pose national security risk(Dec 27, 2000)
- Slashdot: NSA Releases High Security Version Of Linux
(Dec 22, 2000)
- Open Source encryption components and exporting applications(Dec 15, 2000)
- ShowMeLinux.com: MS Security & Hacking... A More Informed Community, or More Bars on the Windows?(Dec 05, 2000)
- LinuxWorld: Open source closes backdoors - Security through code obscurity provides false confidence(Nov 12, 2000)