James Knott said the following on 10/23/2012 10:26 AM:
> BTW, if we want secure computers, we should ban Microsoft products, as they are responsible for most of the vulnerabilities out there.

It's not Microsoft, per se, it's an emergent property of the fact that Microsoft is a marketing company, not a software development company. When time-to-market and sales volume and market placing/dominance matter, the software quality slips. Conversely, so much of Linux isn't concerned with these matters, but *is* concerned with quality and hence security.

Will this change? Possibly. Look at the demands that inadequately tested ("the next release of..") software is included in the next release of, for example, openSUSE.

Look, for example, at the issues raised in
http://www.amazon.ca/Geekonomics-Real-Cost-Insecure-Software/dp/0321477898

<quote src="http://vimeo.com/8100759">
Poorly written, insecure software is no longer a technology issue; it is a public policy issue. Software vulnerabilities leave consumers, businesses, national infrastructures, government and the military susceptible to cyber attacks. The market does not provide significant or compelling incentives for developing secure software, thus current cyber security spending largely deals with the effects of insecure software. In essence, software manufacturers practice unrestrained vulnerability dumping onto downstream market participants. In the absence of policy discouraging this behavior, cyber defenders are too busy mopping the floor to turn off the faucet. This must change.
</quote>

http://my.safaribooksonline.com/book/technology-management/9780321477897/pra...

See also
http://www.amazon.com/Deadly-Sins-Software-Security-Programming/dp/007162675...

We aren't teaching the mistakes of the past as we are with other engineering disciplines. Part of this is because anyone can call themselves a 'programmer'. It's sort of like 'home renovations', only this is stuff that affects the public.

--
I have no faith, very little hope, and as much charity as I can afford.
Thomas H. Huxley