dmo at acm.org
Wed Jan 22 15:26:12 EST 2003
On Wed, Jan 22, 2003 at 02:56:03PM -0500, Shad Young wrote:
> 1. Could not the sophistication of Linux render it more vulnerable, as
> many admins are not, as you mentioned, competent (Linux worm was successful
> for exactly that reason) and thus leave many easy exploits open?
Yes, but this is true for any operating system. An incompetent admin
running a Windows server is as much at risk as an incompetent one running a
> 2. Apache's website was hacked by exploiting a hole found within the
> source code... this hole may not have been found in a closed source
> product. http://www.dataloss.net/papers/how.defaced.apache.org.txt .
> Trojans are now a problem with downloaded source code. Could it not be
> argued that open source might always lead to rapid exploits?
The thing you're missing here is that most, if not all, large FLOSS projects
are publicly visible during development. This means that there are dozens
or hundreds of developers looking at and using the code in test and
development environments before it reaches a stable production version.
Generally, the major flaws are found in this shakedown period, and even if
someone does come up with an exploit for a development version, there will
be very few (if any) public machines running exploitable binaries.
('> dmo at acm dot org