RE: [fw-wiz] tunnel vs open a hole
From: Sloane, David (DSloane@vfa.com)
Date: 04/11/03
- Previous message: Duncan Sharp: "Re: [fw-wiz] tunnel vs open a hole"
- Maybe in reply to: Anton A. Chuvakin: "[fw-wiz] tunnel vs open a hole"
- Next in thread: Marcus J. Ranum: "RE: [fw-wiz] tunnel vs open a hole"
- Reply: Marcus J. Ranum: "RE: [fw-wiz] tunnel vs open a hole"
From: "Sloane, David" <DSloane@vfa.com> To: firewall-wizards@honor.icsalabs.com Date: Fri, 11 Apr 2003 15:40:08 -0400
I was just about to ignore this ever-expanding thread when this post from
Mr. Ranum caught my attention. Every aspect of the problem is addressed by
open-source software development.
-----Original Message-----
> From: Marcus J. Ranum [mailto:mjr@ranum.com]
> EVERY ASPECT OF THE PROBLEM MUST BE ADDRESSED AT ONCE. If
> you fix all of the problems below but one you've still accomplished
> nothing:
> - We need to change how execs manage software companies
OSS has project leaders instead of execs. Their credibility is largely
based on the quality of software they produce.
> - We need to change customer's purchasing patterns
Done. OSS purchasing is generally limited to custom-packaged software,
support and consulting.
> - We need to change how software middle managers manage software projects
With a few exceptions (Ximian? Red Hat?) there are no managers in OSS,
middle or otherwise.
> - We need to change engineering practices and get engineers to write
> better code and do it faster
Good OSS software has broad, fast peer-review. Bug-fixes in good projects
(Apache, nmap, Evolution, etc.) come fast on the heels of bug reports.
> - We need to change how software is marketed (as long as it's
> cost-effective to just call your product Secure-* rather than make it
> secure, then that's what'll happen...)
OSS marketing, especially at the packaged-product level, ranges from limited
to nonexistent. Peer-review of code makes marketing much less relevant.
Software that doesn't meet security requirements can be re-written or
replaced without losing software-license investment dollars.
It's not a perfect model, but it sure turns each of these problems on its
ear.
Whether the result is better or worse... well, it's hard to make things much
worse, isn't it?
disclaimer: My involvement with open-source is limited to OSS Windows apps
(including Apache) and tinkering with Linux at home. Most of my work time
is spent managing Windows servers.
-David Sloane
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards