
Re: [NEWS] Is Linux really the Golden Security Goose Well, one has to wonder.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

____/ AZ Nomad on Saturday 09 August 2008 22:36 : \____

> http://article.gmane.org/gmane.linux.kernel/706950
> 
> <copied>
> 
> From: Linus Torvalds <torvalds <at> linux-foundation.org>
> Subject: Re: [stable] Linux 2.6.25.10
> Newsgroups: gmane.linux.kernel
> Date: 2008-07-15 16:13:03 GMT (3 weeks, 4 days, 6 hours and 17 minutes ago)
> 
> On Tue, 15 Jul 2008, Linus Torvalds wrote:
>  >
>  > So as far as I'm concerned, "disclosing" is the fixing of the bug. It's
>  > the "look at the source" approach.
> 
> Btw, and you may not like this, since you are so focused on security,
> one reason I refuse to bother with the whole security circus is that I
> think it glorifies - and thus encourages - the wrong behavior.
> 
> It makes "heroes" out of security people, as if the people who don't
> just fix normal bugs aren't as important.
> 
> In fact, all the boring normal bugs are _way_ more important, just
> because there's a lot more of them. I don't think some spectacular
> security hole should be glorified or cared about as being any more
> "special" than a random spectacular crash due to bad locking.
> 
> Security people are often the black-and-white kind of people that I
> can't stand. I think the OpenBSD crowd is a bunch of masturbating
> monkeys, in that they make such a big deal about concentrating on
> security to the point where they pretty much admit that nothing else
> matters to them.
> 
> To me, security is important. But it's no less important than everything
> *else* that is also important!
> 
> Linus
> <copied>
> 
> http://www.fortify.com/l/oss/oss_report.html
> 
> <copied>
> 
> Download the Open Source Security Study Today. Fortify's Open Source
> Security Study reveals that the most widely-used open source software
> packages for the enterprise are exposing users to significant and
> unnecessary business risk. Download this ground-breaking study and learn
> how:
> 
> Open Source Software (OSS) development communities have yet to adopt a
> secure development process and often leave dangerous vulnerabilities
> unaddressed
> 
> Nearly all OSS communities fail to provide users access to
> security expertise to help remediate

FORTIFY-MICROSOFT ALLIANCE

,----[ Quote ]
| Microsoft and Fortify Software are enabling software developers and testers
| to build and deliver more secure applications. Visual Studio 2005 Team
| Edition for Software Testers offers an easy-to-use yet powerful framework for
| testing. Fortify leverages this infrastructure and adds Web application
| security testing capabilities. The combination of the two effectively brings
| basic security testing out of the realm of specialized experts and into the
| hands of software testers. In addition, Fortify provides its award-winning
| source code analysis capabilities to Visual Studio Team Edition for
| Developers so security flaws discovered in development and testing can be
| diagnosed and fixed quickly. Working closely with the Visual Studio team has
| enabled Fortify Software to incorporate its innovative software security
| capabilities within the powerful Visual Studio...
`----

http://www.microsoft.com/windowsserversystem/applicationplatform/launch2005/partners/fortify.mspx

Always follow the money.

Ingres gives Fortify security study a good fisking

,----[ Quote ]
| Her main points:
|
|    1. There are other security toolkits other than Fortify. Just because you
|       don’t use their system doesn’t mean you don’t care.
|    2. When reading vendor-sponsored studies consider the source. Always a
|       wise move.
|    3. Open source projects in Fortify’s Open Review report fewer defects per
|       thousand lines of code than proprietary products in the same review. I
|       didn’t know that.
`----

http://blogs.zdnet.com/open-source/?p=2691


- -- 
                ~~ Best of wishes

Roy S. Schestowitz     | D-I-S-C-O becomes D-I-E S-C-O
http://Schestowitz.com  |    RHAT Linux     |     PGP-Key: 0x74572E8E
 07:05:01 up 19 days, 17:11,  3 users,  load average: 0.40, 0.51, 0.53
      http://iuron.com - Open Source knowledge engine project
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkiek4MACgkQU4xAY3RXLo6DzACbBl2SgyzrcTnFUkYZREkAVb8j
jQEAnR7Y2FKSzvAllb68/eUnDHdTfx4x
=whI3
-----END PGP SIGNATURE-----
