RE: [fw-wiz] tunnel vs open a hole

From: Sloane, David (DSloane@vfa.com)
Date: 04/11/03

  • Next message: Magosányi Árpád: "Re: [fw-wiz] tunnel vs open a hole"
    From: "Sloane, David" <DSloane@vfa.com>
    To: firewall-wizards@honor.icsalabs.com
    Date: Fri, 11 Apr 2003 15:40:08 -0400
    

    I was just about to ignore this ever-expanding thread when this post from
    Mr. Ranum caught my attention. Every aspect of the problem is addressed by
    open-source software development.

    -----Original Message-----
    > From: Marcus J. Ranum [mailto:mjr@ranum.com]

    > EVERY ASPECT OF THE PROBLEM MUST BE ADDRESSED AT ONCE. If
    > you fix all of the problems below but one you've still accomplished
    > nothing:
    > - We need to change how execs manage software companies

    OSS has project leaders instead of execs. Their credibility is largely
    based on the quality of software they produce.

    > - We need to change customer's purchasing patterns

    Done. OSS purchasing is generally limited to custom-packaged software,
    support and consulting.

    > - We need to change how software middle managers manage software projects

    With a few exceptions (Ximian? Red Hat?) there are no managers in OSS,
    middle or otherwise.

    > - We need to change engineering practices and get engineers to write
    > better code and do it faster

    Good OSS software has broad, fast peer-review. Bug-fixes in good projects
    (Apache, nmap, Evolution, etc.) come fast on the heels of bug reports.

    > - We need to change how software is marketed (as long as it's cost-effective
    > to just call your product Secure-* rather than make it secure, then
    > that's what'll happen...)

    OSS marketing, especially at the packaged-product level, ranges from limited
    to nonexistent. Peer-review of code makes marketing much less relevant.
    Software that doesn't meet security requirements can be re-written or
    replaced without losing software-license investment dollars.

    It's not a perfect model, but it sure turns each of these problems on its
    ear.

    Whether the result is better or worse... well, it's hard to make things much
    worse, isn't it?

    disclaimer: My involvement with open-source is limited to OSS Windows apps
    (including Apache) and tinkering with Linux at home. Most of my work time
    is spent managing Windows servers.

    -David Sloane