The future of Microsoft Open Source
MonsieurEvil
Join Date: 2002-01-22 Member: 4 Members, Retired Developer, NS1 Playtester, Contributor
in Off-Topic
<div class="IPBDescription">It's a slow workday for monse</div>I tried to get Slashdot to post this article some time back, but in their typical one-sided approach to computing, they ignored me. You don't have to suffer from their hypocritical information suppression though!
<a href="http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2880639,00.html" target="_blank">MS opening up their code</a>
Here's a quote:
<!--QuoteBegin--></span><table border="0" align="center" width="95%" cellpadding="3" cellspacing="1"><tr><td><b>Quote</b> </td></tr><tr><td id="QUOTE"><!--QuoteEBegin--><b>How does this concept of Shared Source sit with the mantra of 'security through obscurity,' which is so closely associated with Microsoft? </b>
Microsoft does not subscribe to security through obscurity. But equally, the many eyes theory is untested and fairly unsupportable because most of what those eyes look at is the wrong stuff. People like to look at the sexy, interesting code, and the older, harder code that is more tedious to look at often gets overlooked. It is a lot more complicated than saying: if lots of people can see the source code then they'll find the bugs.
Take the Kerberos example, where a big flaw was discovered after ten years. This is an open-source security product that has had many eyes looking over it. OpenSSH is another example--this open-source product was recently found to have a Trojan horse in it. The problem with open source is that you don't know who is controlling the code. Microsoft always signs all of its binaries. You know who is responsible for it. For us the interest in shared source is to do with platform integrity. <!--QuoteEnd--></td></tr></table><span id='postcolor'><!--QuoteEEnd-->
<!--EDIT|MonsieurEvil|Oct. 02 2002,15:06-->
Comments