Keeping OSS out of the security arena
[Posted June 12, 2002 by corbet]
From: Leon Brooks <leon@cyberknights.com.au>
To: tolavsrud@internet.com
Subject: Keeping OSS out of the security arena
Date: Thu, 6 Jun 2002 08:40:43 +0800
Cc: kenbrown@erols.com, foss@adti.net, letters@lwn.net
From http://www.internetnews.com/dev-news/article.php/1276831
> while ADTI believes pooled talent is highly beneficial in software
> development, it is naive to allow "bad guys" as well as "good guys"
> into that talent pool.
Oh, sure... and who gets to define `good' and `bad'?
OSS can be contributed to and inspected by the poorest computer owners in the
world, but even benevolent engineering and infotech societies have membership
dues which well exceed the cost of owning and operating such a computer, so
membership in same as a criterion basically equates `bad' with `poor'.
Microsoft's traditional definition seems in practice to be `good' equals us
and `bad' equals competitors, that is, _everyone_ else. I can't see those
criteria being well received by the public, although based on past practice I
would expect them to be carefully and professionally marketed in various ways
by Microsoft. The same basic approach is shared by many political and
religious groups too, which would also render a broad range of social
criteria inappropriate.
When you've bashed your collective heads against that particular wall often
enough, consider the axiomatic approach, `if it works, don't fix it'. In real
life, OSS _has_proven_ to be more secure than competing methods, and without
controls. To be honest, one must say `competing method', singular.
To effectively put a brake on OSS adoption by pausing for study when much
study has already been done seems to be the biggest and most pressing
security risk in this situation.
AdTI's own mission statement* includes `Our principles guide the selection of
which issues are critical to the advancement of freedom - but we don't rush
to judgement about which means will be most effective in producing it.'
Excellent! But AdTI seem to be `rushing to judgement' here, unless AdTI uses
an odd definition for `freedom'.
If AdTI's sponsors wish to compete in a market which prefers OSS, by choice
or mandate, they need but Open Source their own products, noting that the GPL
requires source to be available for distribution _only_ as far as the
binaries are, _not_ to the public at large.
Cheers; Leon
* a pasteable text version would be nice
--
CyberKnights Modern tools, traditional dedication.
+61-409-655-359 http://www.cyberknights.com.au/
linux.conf.au 2003 The Australian Linux Technical Conference
http://conf.linux.org.au/ 22-25 January 2003 in Perth, Western Australia