[
Lists Home |
Date Index |
Thread Index
]
Yes. That is why some are running 24x7x365
organizations to find security holes, fix them, and
get the announcements out faster than they can be exploited.
There are big problems when the announcements go out
and are ignored, not understood, or the user doesn't
have the competence to do the work. There is a bigger
problem if the hole is in systems that sit on the majority
of desktops and some number of servers. That is the
monoculture problem. On the other hand, one could
make the claim that if there is only one system to hit,
there is only one system to fix.
Innovation in finding, fixing, and getting fixes on
the machines is of value. I think that is happening.
Every system has these problems, so sharing the innovations
will be of value to everyone. It is likely that
wiser and calmer minds will come to that conclusion
and work to that end.
len
From: Rick Marshall [mailto:rjm@zenucom.com]
On Thu, 2003-10-02 at 06:12, Bullard, Claude L (Len) wrote:
> Some more insight on innovation in open source:
>
> http://www.eweek.com/article2/0,4149,1306158,00.asp
>
> Looks like Sun is not above a bit o' theatre and
> information gaming (I used to call this playing
> off the 8-ball: tell the geeks and they tell the
> other geeks who believe it because of the source).
>
> and one on security flaws in an open source system.
>
> http://www.eweek.com/article2/0,4149,1305344,00.asp
this is one of a large number of possible security flaws that "may be
used to cause..."
one of the strengths of the current approach is the discovery and
rectification of potential faults often long *** BEFORE *** they get
exploited
|
