Subject | Re: Are open source databases more secure? |
---|---|
Author | Adam |
Post date | 2005-10-29T00:50:21Z |
--- In Firebird-general@yahoogroups.com, Artur Anjos <listas@a...> wrote:
> It does not mention Firebird, but it's an interesting reading
>
> "The open source database market is immature compared to the market for
> proprietary products from the likes of Oracle and IBM," Andrews said.
> "We haven't had that test of time where you can really measure which is
> more secure. But there's no question that we're seeing an appetite for
> open source."
>
> Here is the full article:
> http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1137482,00.html
>

It is the same old argument. The same could be argued about OS-X,
Linux, Firefox / Thunderbird, Apache, Java, Open Office and other
software that is either Open Source or built on open source software.

Closed source does have the "advantage" of being able to keep security
flaws somewhat hushed until they have resources to resolve the issue.
Unfortunately, it tends to be dictated by commercial pressures. If a
company releases 10 security patches for 6 consecutive months, then
the software will gain the reputation of being insecure, even though
it may be more stable than before.

If Firebird publicises a security vulnerability, then this disclosure
affects the vulnerability of my applications that run Firebird.
Vulnerability is a combination of criticality and likelihood, and
while it does not affect the criticality of the issue, it does make an
attack more likely as the hardest part is done for them.

It is really only since the popularisation of the internet that we
have had to worry that we may not be legally protected from our
attackers. They may not even live in a country which has appropriate
legislation or resources to trace attacks or the will to do so, so I
do not see how the "maturity or age" argument would stand. In any
case, Firebird has 20+ years old maturity.

From a security perspective,
IIS or Apache?
Outlook or Thunderbird?
IE or Firefox?
Office or OpenOffice?
Windows or Linux?

Several are no-brainers, others are a lot closer than they used to be.

Adam