OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   RE: [xml-dev] Managing Innovation

[ Lists Home | Date Index | Thread Index ]

On Thu, 2003-10-02 at 23:51, Bullard, Claude L (Len) wrote:
> Yes.  That is why some are running 24x7x365 
> organizations to find security holes, fix them, and 
> get the announcements out faster than they can be exploited. 
> There are big problems when the announcements go out 
> and are ignored, not understood, or the user doesn't 
> have the competence to do the work.  There is a bigger 
> problem if the hole is in systems that sit on the majority 
> of desktops and some number of servers.  That is the 
> monoculture problem.  On the other hand, one could 
> make the claim that if there is only one system to hit, 
> there is only one system to fix.
> Innovation in finding, fixing, and getting fixes on 
> the machines is of value.  I think that is happening. 
> Every system has these problems, so sharing the innovations 
> will be of value to everyone.  It is likely that 
> wiser and calmer minds will come to that conclusion 
> and work to that end.

that's why i primarily use windows 2000/xp and redhat linux distros -
redhat in particular is very fast at getting fixes out - so they
obviously recognise the problem from a business perspective. ximian has
an alternative that is almost as good. microsoft does the job, but i
find it's response a bit patchy although i haven't done the stats.
basically i watch the announcements from cert and then how long to get a
fix from the vendor.

> len
> From: Rick Marshall [mailto:rjm@zenucom.com]
> On Thu, 2003-10-02 at 06:12, Bullard, Claude L (Len) wrote:
> > Some more insight on innovation in open source:
> > 
> > http://www.eweek.com/article2/0,4149,1306158,00.asp
> > 
> > Looks like Sun is not above a bit o' theatre and 
> > information gaming (I used to call this playing 
> > off the 8-ball: tell the geeks and they tell the 
> > other geeks who believe it because of the source).
> > 
> > and one on security flaws in an open source system.
> > 
> > http://www.eweek.com/article2/0,4149,1305344,00.asp
> this is one of a large number of possible security flaws that "may be
> used to cause..."
> one of the strengths of the current approach is the discovery and
> rectification of potential faults often long *** BEFORE *** they get
> exploited


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS