OpenSource & Security

From: Frank Døssing (fank@emigrantos.dk)
Date: 04/24/03


Date: Thu, 24 Apr 2003 12:11:04 +0200
From: Frank Døssing <fank@emigrantos.dk>

Hello,

I'm not sure this is the right group - if not please let me know.

I'm working on a paper about OpenSource and Security (trying to narrow
it down). Right now I'm looking for some information. My questions are:

1. When developing OpenSource Software (OSS), is any standard concerning
security advised to be followed?
2. I need some examples of OSS that has been certified according to any
known security standard (ISO, BS etc)

If you have answers or comments to my questions I would be very pleased.

Thanks in advance

regards
Frank Dossing
cph.dk


