Dave Marcus of McAfee's Avert Labs says that developers of malicious software, including Trojans and bots, are benefiting from the open-source development model. Apparently developers of the Agobot malware family are using CVS (Concurrent Versions System) to manage source files and collaborate; this greatly increases the speed at which updates can be propagated and modifications checked/tested.
A full article covering the topic of this open-source trend can be found in McAfee's new magazine, Sage, released yesterday. The title of the article, "Paying a price for the open-source advantage", does make it sound like an attack on the open-source model, blaming it for increasing threats online; this apparently is not the intention, however, and full disclosure was more of an issue: "We're not taking aim at the open-source movement; we're talking about the full-disclosure model and how that effectively serves malware development."
Full disclosure is a topic on which many people disagree. On the one hand, full disclosure can aid malicious code writers to exploit vulnerabilities more quickly; on the other, it aids a fast response from software vendors to close these holes.
What's your opinion on full disclosure? Is it good or bad (no sitting on the fence)?