Subject: Re: anti/Law
From: kragen@pobox.com (Kragen Sitaker)
Date: Wed, 14 Apr 1999 15:07:54 -0400 (EDT)

Rich Persaud wrote:
> Open source lets a non-specialist exploit security weaknesses, increasing
> your statistical chance of being attacked.  This additional testing volume
> increases the priority of getting the problem fixed.

This is nonsense.

rootshell.com lets a non-specialist exploit security weaknesses, in
both free software and proprietary software.  Once a specialist has
packaged an attack into an easy-to-use tool, anyone can apply it --
regardless of whether the target is open source or not.

Conversely, exploiting security holes once found -- before anyone has
written a program to automate the exploit -- generally requires some
skill, regardless of whether the target is open source or not.

There may be some merit to the claim that it's easier to *find*
security holes in proprietary software, but I'm not sure there is.

-- 
<kragen@pobox.com>       Kragen Sitaker     <http://www.pobox.com/~kragen/>
This is exactly how the World Wide Web works: the HTML files are the pithy 
description on the paper tape, and your Web browser is Ronald Reagan. 
  -- Neal Stephenson, at http://www.cryptonomicon.com/beginning_print.html