THE POLL by ProQuest


Debate» Open source software is less vulnerable to attack than other software.

FOR
Jack Danahy, co-founder and CTO, Ounce Labs

I am tired of the prejudices on both sides of the open source debate, but particularly those that are blindly anti-open source. While difficult economic realities are making open source applications attractive and important, most open source opponents continue to construct straw men from poorly written applications and indict the whole movement.

I have yet to see anyone provide side-by-side vulnerability analysis of critical open and closed sourced products. Long-lived applications, like Apache, Linux, Firefox and others, should be the targets, measured in context with Internet Information Services (IIS),

AGAINST
Caleb Sima, CTO, HP Application Security Center

There’s little doubt that open source has done a lot for security. Over time this has been a great evolution, but at the same time, I don’t agree with people who tout open source as the only way to be secure and who claim it is the ultimate answer to code security.

Security still depends on the contributors fixing a wide range of issues. If these engineers and technicians don’t do a good job or there are not enough ‘security eyes’ looking over the code and reporting the issues, then open source runs the risk of being a detriment to security. I have been involved in many assessments where open source allowed me to find the weaknesses and

THREAT OF THE MONTH

What is it?
Adobe PDF is the Portable Document Format, a cross platform way to share documents. The most popular viewer for such documents is Adobe’s Acrobat Reader. Multiple exploits have been found.

How does it work?
Acrobat and PDF viewers are popular and are installed by default on many PCs as a browser plug-in. PDF exploits usually take