Linux Today: Linux News On Internet Time.

More on LinuxToday

Help Net Security: Security in Open versus Closed Systems - The Dance of Boltzmann, Coase and Moore

Jul 09, 2002, 23:30 (13 Talkback[s])
(Other stories by Ross Anderson)

[ Thanks to LogError for this link. ]

"Some members of the open-source and free software community argue that their code is more secure, because vulnerabilities are easier for users to find and fix. Meanwhile the proprietary vendor community maintains that access to source code rather makes things easier for the attackers. In this paper, I argue that this is the wrong way to approach the interaction between security and the openness of design. I show first that under quite reasonable assumptions the security assurance problem scales in such a way that making it either easier, or harder, to find attacks, will help attackers and defendants equally. This model may help us focus on and understand those cases where some asymmetry is introduced..."

Complete Story (with link to 13-page PDF white paper)

Download xpdf

Related Stories: