No announcement yet.

Out-Share or Die!

  • Filter
  • Time
  • Show
Clear All
new posts

  • Out-Share or Die!

    ISC posted an interesting piece today regarding the state of defensive network security. From the article:

    "McAfee posted a research report with the title: "Paying the Price for the Open Source Advantage". The paper very nicely puts forward a number of examples where open source hurts security. Open source enables attackers to examine source code for flaws, and a lot of malware writers use open source concepts to collaborate. The report leaves out how the lack of collaboration in the defensive community left us chasing sophisticated and well developed threats with outdated signature based tools and software whose security is largely based on an easily pierced veil of obfuscated proprietary code."

    While I can't say I necessarily agree with it one hundred percent, it's an interesting article and the McAfee paper is well worth a read. Some very salient points regarding the current state of network security are raised - though not necessarily new in and of themselves, they do go some way towards dispelling the myth that 'open source' automatically equals 'secure', and talks about some of the actual reasons behind why we're seeing increased threat activity despite a much wider interest in and deployment of security methodologies and tools.

  • #2
    Re: Out-Share or Die!

    I am going to be a bastard by saying this....But...

    It seems McAfee is trying to Pawn their flaws on Open Sources.

    As you said; good read (yes), and some points are obviously not new; but all truth- Open Source = Not completely secure (As anything is on a computer?)

    I just wonder what difference it will make from McAfee's plan to Post a catalogue of bots/virus'/etc.
    A paranoid is someone who knows a little of what's going on.
    William S. Burroughs


    • #3
      Re: Out-Share or Die!

      I wonder if large software company use the sources to open source aplications in there own? There will be no way to prove that they didn't.