Tweet
ISC posted an interesting piece today regarding the state of defensive network security. From the article:
"McAfee posted a research report with the title: "Paying the Price for the Open Source Advantage". The paper very nicely puts forward a number of examples where open source hurts security. Open source enables attackers to examine source code for flaws, and a lot of malware writers use open source concepts to collaborate. The report leaves out how the lack of collaboration in the defensive community left us chasing sophisticated and well developed threats with outdated signature based tools and software whose security is largely based on an easily pierced veil of obfuscated proprietary code."
While I can't say I necessarily agree with it one hundred percent, it's an interesting article and the McAfee paper is well worth a read. Some very salient points regarding the current state of network security are raised - though not necessarily new in and of themselves, they do go some way towards dispelling the myth that 'open source' automatically equals 'secure', and talks about some of the actual reasons behind why we're seeing increased threat activity despite a much wider interest in and deployment of security methodologies and tools.
"McAfee posted a research report with the title: "Paying the Price for the Open Source Advantage". The paper very nicely puts forward a number of examples where open source hurts security. Open source enables attackers to examine source code for flaws, and a lot of malware writers use open source concepts to collaborate. The report leaves out how the lack of collaboration in the defensive community left us chasing sophisticated and well developed threats with outdated signature based tools and software whose security is largely based on an easily pierced veil of obfuscated proprietary code."
While I can't say I necessarily agree with it one hundred percent, it's an interesting article and the McAfee paper is well worth a read. Some very salient points regarding the current state of network security are raised - though not necessarily new in and of themselves, they do go some way towards dispelling the myth that 'open source' automatically equals 'secure', and talks about some of the actual reasons behind why we're seeing increased threat activity despite a much wider interest in and deployment of security methodologies and tools.
Comment