Security Basics: Re: Why open source software is more secure

From: Adriel Desautels <adriel_at_netragard.com>
Date: Thu, 08 May 2008 13:40:00 -0400

Greetings,
        We recently did an "internal" study against closed source software and
open source software. During the study we focused on security
appliances, commonly used applications, and common web applications. The
goal of the study was to identify which on average was more secure.

        Open Source software won hands down. The reason why we believe that
Open Source software came out on top is because it is exposed to the
community and is scrutinized by talented developers around the world.
The same cannot be said about closed source software. Closed source
software is only scrutinized by the people who build it.

        This is akin to network security. Companies are usually required to
bring in third parties to assess their network. They can't effectively
assess their own work, because it is their work.

        There are many good software vendors that create fairly secure and well
written products. Buying technology from those vendors means that you
get their support. It also means that you have someone to fall back on
if things don't go your way. It does not mean that you are getting the
highest quality product though.

        Hope this made sense.

Regards,
        Adriel T. Desautels
        Chief Technology Officer
        Netragard, LLC.
        Office : 617-934-0269
        Mobile : 617-633-3821
        http://www.linkedin.com/pub/1/118/a45

        Join the Netragard, LLC. Linked In Group:
        http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com - "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know : http://tinyurl.com/26pjsn

aliasghar.toraby_at_gmail.com wrote:
> sapran wrote:
>> The main goal of a software vendor is not to bring you a _good_
>> product, but to sell it to you. That is the only truth about that. That's
>> why the product might be fully featured, nicely decorated and
>> published on time: the vendor is economically motivated to make it
>> this way. But there's no sense to make it secure and stable because
>> the only motive for this is liability, which does not exist in the
>> software industry.
>>
>> There are two ways for things to become better. The first one is fully
>> described by Bruce Schneier in his "Secrets and Lies", the top book to
>> be read by all 'connected' folks. It is the increasing of liability to the
>> level of its presence in other industries, e.g. banking or plane
>> building. And there is another, more utopian: to ignore the business
>> motives during the process of software development.
>>
>> It may remind you of the methods of decreasing unemployment proposed
>> by Marx: to remove the market economy altogether. But this is a topic to be
>> thought out I guess, so your comments are welcome.
>>
>>
> What do you mean about security?
> I think that policy gives a guarantee and security. And open source is a
> safe policy.
Received on May 08 2008
