RE: [fw-wiz] tunnel vs open a hole

From: Sloane, David
Date: 04/11/03

    From: "Sloane, David"
    Date: Fri, 11 Apr 2003 15:40:08 -0400

    I was just about to ignore this ever-expanding thread when this post from
    Mr. Ranum caught my attention. Every aspect of the problem is addressed by
    open-source software development.

    -----Original Message-----
    > From: Marcus J. Ranum

    > you fix all of the problems below but one you've still accomplished
    > - We need to change how execs manage software companies

    OSS has project leaders instead of execs. Their credibility is largely
    based on the quality of software they produce.

    > - We need to change customer's purchasing patterns

    Done. OSS purchasing is generally limited to custom-packaged software,
    support and consulting.

    > - We need to change how software middle managers manage software projects

    With a few exceptions (Ximian? Red Hat?) there are no managers in OSS,
    middle or otherwise.

    > - We need to change engineering practices and get engineers to write
    > better code and do it faster

    Good OSS software has broad, fast peer-review. Bug-fixes in good projects
    (Apache, nmap, Evolution, etc.) come fast on the heels of bug reports.

    > - We need to change how software is marketed (as long as it's
    > to just call your product Secure-* rather than make it secure,
    > then that's what'll happen...)

    OSS marketing, especially at the packaged-product level, ranges from limited
    to nonexistent. Peer-review of code makes marketing much less relevant.
    Software that doesn't meet security requirements can be re-written or
    replaced without losing software-license investment dollars.

    It's not a perfect model, but it sure turns each of these problems on its

    Whether the result is better or worse... well, it's hard to make things much
    worse, isn't it?

    Disclaimer: My involvement with open-source is limited to OSS Windows apps
    (including Apache) and tinkering with Linux at home. Most of my work time
    is spent managing Windows servers.

    -David Sloane
    firewall-wizards mailing list
