From: "Geo." 

"Thees Peereboom"  wrote in message
news:8a6uuuo0325tugj5hv3mele76iq767d12r{at}4ax.com...

> No, my point is that software, either branded or OS, is only 'safe'
> until the next hack is found. Your point was that OS is less safe than
> 'branded' software because everybody can have access to the sources of
> OSS.

Not less safe, my point was that once someone discovers a flaw in a library
function, it's easy for the hackers to find all parts of open source
software that use that function and to immediately begin probing those
areas to find new exploits. This results in more public exploits. On the
closed source side, only the programmers who have access to the source can
do this, so they find the same thing but the exploits are never in the
hands of the evil hackers.

Evil Hackers don't report exploits and give vendors a chance to patch them,
so it's not the same as when the security community reports an problem.
These types of secondary discoveries get used in the wild quite quickly.

> But sometimes it's worth the trouble, especially if you think that
> this specific software provides you with advantages towards the
> competition. Or if you don't want to be dependent on just one company,
> like many governments these days in their switch from MSFT software to
> Linux.

I won't argue with that, there are times when open source has definite
advantages simply because you require the source for your own future
security.

--- BBBS/NT v4.01 Flag-4