Thanks to everyone for their enlightening replies to this thread! My replies below:
----- Original Message -----
From: "Aaron J. Seigo" <[EMAIL PROTECTED]>
Date: Wednesday, March 24, 2004 10:44 am
Subject: Re: [clug-talk] 12 Reasons Andreessen Is Hot On Open Source

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1

<snip>

> > Ugh, propaganda just drives me nuts; it sells an agenda, not the
> > product/service/ideal/whatever.
>
> agreed.

So, one thing I didn't get at first is how much Andreessen is the visionary type. I've worked for (and with) his type, and even subscribe readily to being vision-led myself (being a right-brained, creativity-oriented person in my other life ;-). I suppose I would have been less critical had I: a) realized this earlier, and b) not been in this left-brained, security-conscious, take everything literally and analyze it mode. :-D

> > 4) "It's simply going to be more secure than proprietary software."
> >
> > There's no evidence to support this. Open Source software can be more
> > secure; it can also be much worse than closed source.

I think my critical mindset led to a misinterpretation here. I fully believe Open Source is better at maintaining security (auditing, patching, etc.). From that perspective, the statement "It's simply going to be more secure..." makes sense. To paraphrase: "It is inevitable..." Whereas you can't guarantee that in closed source. Classic visionary statement. I dig that.

My argument (from the literal, critical perspective) was that just because source code is available does not mean it is inherently better in terms of security. What if nobody ever looks at the source? What if nobody ever examines the source with security in mind?

The balance to the above point, as Stephen Keeling noted in his reply, is that the _potential_ is there with Open Source, whereas it is not with closed source. Again, I dig that. I think that's an important distinction, and I'm glad it was made.

On the topic of security, I'd like to add that Open Source organizations (Debian, GNOME, etc.) have, of late, been doing a great job at dealing with security breaches through their responses. They have followed best practices in taking things offline, doing good forensics, patching and publishing the results, all in a timely manner. I don't know if this is community pride, or a side-effect of good security practices in Open Source circles, but it is laudable at any rate.

It has been pointed out (on Slashdot, I think) that many companies do not respond in this fashion; in fact, often quite the opposite (they brush it under the mat) in order to save face and/or business. In the end, the result is quite the opposite. I see the Open Source organizations coming out with a lot more credibility.

> > Secure software has
> > little to do with whether it's open or not; good software design and
> > adhering to best practices has more to do with it. IANAD
>
> i agree; the question is where do good design and best practices more often
> crop up? closed or open source? this is a very interesting topic, and one in
> which it is easily shown that Open Source has great potential that most of
> the larger projects exercise to the full extent.

That is a very interesting question. I have never really followed it to this end, but it certainly begs the question. Let me know when you figure out the answer. ;-)

Time for bed. <grin>

Curtis

_______________________________________________
clug-talk mailing list
[EMAIL PROTECTED]
http://clug.ca/mailman/listinfo/clug-talk_clug.ca

