Uh huh
"Flaws found.. fixed quickly..

There's no security by obscurity here!"

One small problem. Despite CVS being open source these vulnerabilities have just now been found. How old is CVS? How many eyeballs have actually looked at the code?

While I do agree looking back through the code (auditing) is valuable, I have a problem with the blithe assumption that such audits are done routinely *in any code base*, open or closed.

The truth is, if code works it's forgotten about. The very natural "if it isn't broke don't fix it" mentality takes over. After all, it seems counter-productive to go back and look at code that's working, right?

Whether CVS, Office, Linux, KDE, Mac OS/X or Windows of whatever flavor, bugs will exist. They will remain undetected until somebody has the will to mount a serious search.

The truth is, few people have the will. Fewer still have the skill. And almost nobody is willing to pay the bill.

I can guarantee the only OS out there that has a remote chance of being free of security flaws is Secure BSD--and that's only because they make a religion of it.

Everybody else tries, of course. But the nature of programming is such that nobody's going to find everything--even everything that should be obvious.

This p****ing match between the open source and proprietary software crowds does nothing productive. There's a *reason* that security specialists exist. Security is *difficult*, coding is hard enough, and all the best practices in the world won't close all the holes.

Live with it.
Posted by: wolf_z   Posted on: 06/10/04