Re: [fw-wiz] tunnel vs open a hole
From: Joseph S D Yao (jsdy@center.osis.gov)
Date: 04/15/03
- Previous message: Bowden, Kevin: "RE: [fw-wiz] tunnel vs open a hole"
- In reply to: Marcus J. Ranum: "RE: [fw-wiz] tunnel vs open a hole"
- Next in thread: Bowden, Kevin: "RE: [fw-wiz] tunnel vs open a hole"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Joseph S D Yao <jsdy@center.osis.gov> To: "Marcus J. Ranum" <mjr@ranum.com> Date: Tue, 15 Apr 2003 11:25:39 -0400
On Tue, Apr 15, 2003 at 10:06:02AM -0400, Marcus J. Ranum wrote:
> Sloane, David wrote:
> >I was just about to ignore this ever-expanding thread when this post from
> >Mr. Ranum caught my attention. Every aspect of the problem is addressed by
> >open-source software development.
>
> Spoken like a true believer...
> _BUT_ -- if open source is the solution, why do we still have the problem?
>
> mjr.
Open source is not the solution, but just another model. Two big
holes: (a) it is not the only game in town, so people might NOT buy
into it [and all too many don't, for the wrong reasons]; and (b) the
only incentive to "get it right" in the majority of the projects where
the programmers are not paid, is the pride of getting it right. While
for many this should be enough, there are no funds for educating the
programmers HOW to get it right, and so many holes can be overlooked.
Plus, it depends solely on the project co-ordinator how much effort is
put into reviewing the code for problems BEFORE a release. Witness the
fact that [after being out there so many years] we are starting to see
such an increase in reported exploitable [not necessarily exploited]
flaws in open-source code.
-- Joe Yao jsdy@center.osis.gov - Joseph S. D. Yao OSIS Center Systems Support EMT-B ----------------------------------------------------------------------- This message is not an official statement of OSIS Center policies. _______________________________________________ firewall-wizards mailing list firewall-wizards@honor.icsalabs.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Bowden, Kevin: "RE: [fw-wiz] tunnel vs open a hole"
- In reply to: Marcus J. Ranum: "RE: [fw-wiz] tunnel vs open a hole"
- Next in thread: Bowden, Kevin: "RE: [fw-wiz] tunnel vs open a hole"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
