Finn Gruwier Larsen wrote:
It's very interesting to see that Microsoft once again is behind this
OOo FUD.
Can we use this important information from Simon in an official answer
to the attack?
I guess we should not use the information and I'm not convinced that it
is a wise thing to do, i.e. get into a direkt fight. From my point of
view there is a way to present the news in a much more positive light:
* Yes, ZIP and XML are open techniques which make it easy for someone
to include malicious elements. However, the transparent nature of
these technologies also make it easy to detect malicious elements.
It's like with open source in general. Yes, on the one hand the
availability of source code makes it easier to identify and exploit
security holes. However, for the same reasons issues can be
identified and fixed faster.
* Yes, the cross-platform scripting support of OpenOffice.org makes it
possible to run macros (including malicious ones) across platforms,
and thus the risks are higher. However, at the same time potential
benefits are higher as well.
Driving a 500 horse power sports car is theoretically more dangerous
than 70 horse power compact car because people can drive faster and
thus kill themselves more easily. However, a sports car does not have
to be more dangerous. If one drives the sports car accordingly, there
is no higher risk. And if someone likes to drive fast, because he or
she thinks it's more fun, than the risk of being killed in a car
crash is something one has to live with.
* Military government agencies are developing extensions for
OpenOffice.org. They most likely won't do that if they were seriously
concerned about the security of OpenOffice.org compared to available
alternatives.
* Mr. Filiol was impressed by the fast response from the OpenOffice.org
including Sun Microsystems. There is a very positive quote in the
report!
* We're happy about the external security audits by organizations like
the ESAT, because the feedback helps to develop a very secure office
productivity solution.
* Due to the availability of the source code, companies and government
organizations can help developing new security features and concepts.
All the best,
Erwin
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]