Quote:
|
Originally Posted by Nathan
I know that one of the reasons for open source is auditing. That does not change the fact that the reason why we encoded it is to SECURE our property. If we did not do that we could not have licensed it and everyone could have stolen our ideas. Why would anyone let that happen in a commercial environment?
From how you talk, you must be some open-source-lover. Do you read through the source of every single program you want to use before actually using it?
BTW, if open-source is there to have apps run "flawless"... I wonder why the heck there are new security holes found in open source apps every day. Does not seem to help much that great open-source idea, huh?
Of course, you will now come and say "but non-open-source apps have even more holes".....
|
Please tell me you're not that naive. Fair enough, you want to protect your property - but there are laws for that. I'm sure there's nothing amazing about your PHP that is so revolutionary that it will be stolen.
Moreover, I do love open-source and there's definitely nothing wrong with that. I'm sure your servers are running Linux/FreeBSD, which is open-source. You use PHP, which is open-source. You use MySQL, which is open-source. I'm not required to read through the source of every application I run because I am confident that it has been audited correctly by the open-source community several times over. But it certainly helps when I am curious as to how a certain application is working.
It's also rather useful when developing FOR a certain application. For example, developing an Apache module - the source is essential.
And finally, you've proved you have NO clue about security. Go subscribe to Bugtraq and see the spread of vulnerabilities. Linux/FreeBSD/OpenBSD... hell, ANY of the Unixes haven't had a major remote vulnerability in yonks. Let's see about Windows - two DCOM vulnerabilities in the last year? More IIS vulnerabilities. The list goes on.
You'd have to be absolutely out of your mind to try to tell me that closed-source applications are somehow more secure. The reason bugs are often found in open-source applications is because they are much more easily audited. So while the open-source applications have the non-critical bugs ironed out of them, people are stumbling across MAJOR vulnerabilities in things like Windows all the time.
How about the fundamental flaw in the Windows messaging system that allows anyone to escalate privileges? Shatter?
Clearly, you have no idea what I'm talking about because you haven't researched that much into security. But trust me, I have. I'm not going to sit here and argue what OS is more secure or something stupid like that. I'm just going to say that open-source makes me feel much safer on the boxes I use.