General discussion

Who's responsible for OpenSource OS's

By HAL 9000 Moderator ·
It is somewhere else as I saw this question a few days ago and as usual paid very little attention to it, however it did get me thinking eventually. Exactly who is responsible for Open Source Code's Security? This question on first glance seems simple enough and I even was of the opinion that someone was trying to deflect criticism from good old MS, but on thinking about it I came to this conclusion.

As all this open source code is downloadable, whoever downloads and installs it is responsible; however, if you buy a boxed set then the supplier should be responsible. Sounds simple enough, all right? Then I thought about the licence agreement that comes with every bit of open source software I have ever used, and I am talking Unix/Linux here. There is one very big difference between Open Source OS's and the MS alternative. The open source encourages you to go into the source code and plug any holes you find, and they only ask that you post these changes for everybody else to use. MS on the other hand has the corporate world's most closely guarded secret and that is its Windows whatever source code; they actually write it in their own machine language, nothing wrong there. But I would not like to be the person who approached Microsoft and told them I had found a flaw in one of their OS's. This is the real difference: in Open Source you are welcome to make changes, not only that but are actually encouraged. MS on the other hand I do not think would treat you very nicely if you approached them with a security improvement; I personally think they would at the very least be highly offended and take steps against you.

I am open to your comments on this. Any ideas?

All Comments

by djent In reply to That's the way it should ...

I quit loading BETA SW 5 years ago, who needs the problems. I also avoid MS OSs prior to SP3, who needs the problems. At least with Linux mods we get to share the benefits free of charge.

Dead right

by HAL 9000 Moderator In reply to

However I simply don't have the luxury of only using Linux; personally it's what I prefer, but here in the real world we have to use computers to run programs that will only run on Windows, and until a truly successful Windows emulator becomes available for Linux that's what we are stuck with. As far as not loading Beta, I prefer not to as well, but then again I am only cutting my own wrists as I have to work with whatever MS produces, so I at least take the trouble to have a look {I keep a couple of drives available for this} and yes I do report any flaws that I find as it is simply in my best interests. However if I was not working in an environment where MS products dominate and had the luxury of sitting at home without worries I wouldn't even so much as open these boxes either. It's just common sense to try to make your life as easy as possible. And without Beta Testers just think what would come out of MS; that should give you nightmares for a few days.

Dont they give you the final free now

by Deadly Ernest In reply to That's the way it should ...

A mate of mine used to do a lot of beta testing for MS, and lodged lengthy reports. The only reason he did it was when the final release version came out they sent him a full commercial copy as way of a thank you. He got heaps of valid software for nothing by doing this, about 80% of what he had and used.

I would have thought that they still did this.

by djent In reply to Dont they give you the fi ...

It's a matter of how much time you can afford to waste screwing around with buggy software and what is your time worth. When MS puts me on their payroll I will test buggy software; until then I will use old releases that work, or another OS. I don't knowingly buy buggy cars or TV sets, why buy buggy software that snoops my computer? We get unfinished product because MS wants to accelerate their cash flow; when they offer some value I may buy it, or not. GM may want me to trade up every year but they have to compete with others for my business.

Maybe in the US However

by HAL 9000 Moderator In reply to Dont they give you the fi ...

I have not ever had this happen in Australia. However I just might not submit lengthy enough reports, I don't know. I have however received some software free from MS but this was never as a result of any Beta testing that I did, or that I know of, as it came a very long time after the final version was released. I have also sent reports on flaws I have found in various MS OS's during use by either myself or someone from my department; as head they always go through me, so at least it is only possible for me to upset MS and not my staff. After all I'm the head of the department so anything should stop with me as I bear the ultimate responsibility. And all my staff know that I am unwilling to ask any of them to perform a task that I am unwilling to do myself. This at least lets them know I am fair when setting tasks, as I often where possible take the worst ones myself. It at least makes all my staff know if they are unhappy with something that I delegate they can always come and change jobs with me, as mine is often a worse job than what I delegated to others. Actually most of the staff who do complain are only complaining because they think I am giving them responsibility above their current level of experience, and I take a great deal of time telling them that if they don't try how can they improve.

Always when I start somewhere new my first question is "What's the worst job here?" When they reply I then say well that's mine for now so let's get on with things! But this is getting off the original idea of just why I asked this question in the first place! What I wanted to know is what people out there think about who is responsible for security in Open Source OS's. I at first thought this an easy one as you can always leave the blame for something on a company like Red Hat, SuSe or whoever, but then I thought of the good old rock solid Debian; there is no company there.

Excellent Approach on Responsibility

by Oldefar In reply to Who's responsible for Ope ...

I like your argument for why Open Source security is a user responsibility while a proprietary OS like MS must retain some responsibility for their problems. Same logic applies to applications.

For firms like MS, it's the cost of business.

Well I know what I think however

by HAL 9000 Moderator In reply to Excellent Approach on Res ...

There don't seem to be many interested in this issue. But almost everyone that I meet wants to bang MS over the head for their problems, but then again most people feel trapped into using MS OS's at the very least, and yes I agree the problem isn't limited just to MS, it covers all the software suppliers, but MS being the biggest comes in for the most criticism. But then again I personally use Corel's Word Perfect Office and so far I really haven't found a problem with any of its applications, and in actual fact Word Perfect is better at converting to Word formats than Word is at converting to the Word Perfect format, but then again the same holds true for Star Office as well. It can convert to Word format very easily but it has a real problem in converting its native format to Word Perfect format. But then again it could just be that I have used Word Perfect for so long I am simply used to it and am unwilling to make the change. Even though I do have to use the MS alternatives in work, as a consultant whenever I have loaded a copy of the Word Perfect Office the company has always bought it. Actually it was quite funny the first time I approached Corel and told them that I had loaded a copy of their Office program onto a business computer for a trial purpose. After sitting through the normal lectures and threats of legal action for about 1 hour, when they stopped for a breath I simply asked "So I guess that this means that you don't want to sell me the 200 Site Licence that I came in here for?" I now have it in writing that I can load all of their products onto computers for trial purposes and this is the best way I have found of selling their product. But then again I'm getting away from the original point, aren't I.

by djent In reply to Excellent Approach on Res ...

Since MS code is closed and the EULA forbids modification they must provide updates or risk abandonment. Linux on the other hand is open, encourages mods and solicits submissions. Linux is a user driven OS by design, therefore security is a user responsibility. The Linux community is an ecosystem, not a free lunch.
