LinuxQuestions.org interviews
Brian Hatch, author of Hacking Linux Exposed. "So true,
not everyone can read and understand the code that they end up running, and
not anyone can read all of the code that they end up running. There's a
level of trust, and that's no different than when you run proprietary
software. The big difference is the number of individuals who do view that
code."
Interview: Brian Hatch (LinuxQuestions)
Posted Oct 29, 2003 20:15 UTC (Wed) by clugstj (subscriber, #4020)
The big difference isn't the "number of individuals who do view that code", but the motivation and trustworthiness of the individuals. With proprietary source code no one who gets to look at it is impartial; they've all signed some kind of non-disclosure agreement.
Interview: Brian Hatch (LinuxQuestions)
Posted Oct 29, 2003 23:18 UTC (Wed) by crouchet (guest, #1084)
I agree that the motivation of the individuals is important but I still think there is another layer here.
The very nature of an open project means that everyone who joins it is aware that all their additions are subject to public review, scrutiny and critique at any time. If someone has nefarious motives, intends to be despicable or just writes poor quality code, they will not join an OSS project in the first place and risk having their actions revealed for all to see.
Maybe the openness of the project keeps them honest or maybe only the honest people join the project. I suspect it is some of both but it does not really matter. Either way it works.
No, I am not saying people who write proprietary software are dishonest. What I am saying is that if someone wants to hide their work they will tend to do that in a proprietary environment rather than an open one.
JC
Interview: Brian Hatch (LinuxQuestions)
Posted Oct 30, 2003 1:50 UTC (Thu) by dkite (guest, #4577)
Free software isn't driven by marketers. That makes security a possibility.
Security is difficult and painful. It doesn't sell products, it at best prevents loss of sales. It prevents focus on features that will sell. It causes delays in releases. It absorbs the best and most expensive programming talent, for no visible benefit other than it won't do something, maybe. It is undefined, and uncontrollable. A secure piece of software is one that has been stable and static for a while. One can't guarantee security, and if you do, you probably will be proved wrong in short order.
Would the wireless 802.11 have taken off in the marketplace if it had been designed to be secure? I don't think it would have. But it is a success in every other way. Case in point.
Free software lives in a different world. In FOSS projects, the developer who writes secure code and watches the code for flaws is given high regard. If a security issue is raised, most everything else is dropped until it is resolved. No, FOSS software isn't 'Secure'. But at least it is aware of the problem and tries to be so.
Derek
Interview: Brian Hatch (LinuxQuestions)
Posted Oct 30, 2003 15:59 UTC (Thu) by mmarq (guest, #2332)
I believe there is a base here for plenty of interviews in the future, about the most various subjects, mostly about guys scratching their heads over, showing the big question: why can OSS code be so much better than proprietary?... Well, there isn't a clear and sharp answer to that for sure, not one that fits the entanglements of Murphy's Law anyway... but excellence, for a lot of code bases (not all), "seems" to live better with OSS than with proprietary, and that is a puzzle for the proprietary Murphy's priests.