Open vs Closed
Before wading into these dangerous waters, we should clarify the question. All too often when comparing open and closed source approaches, the question is unconsciously interpreted as Windows versus Linux. While that’s a fantastic question to knock around, doing so is a very narrow way of looking at the world, as it ignores many other projects in both the open and closed source worlds. Although it’s foolish to ignore the data points the Windows/Linux world provides, they are simply examples of the process. So, let us first strip away the misconception that the question is about these particular platforms and recognize its real breadth.
With this in mind, our answer requires three crucial definitions in order to have meaning: “What is open source?”; “What is closed source?”; and, surprisingly, “What is security?” The first two we can deal with quickly; the third is a lot subtler, however, so we shall tackle it first.
Thus, having defined what we mean by open/closed source and by "security", we can begin the discussion by talking about disclosure models and by defining metrics such as:
- Probabilities of a violation of Confidentiality/Integrity/Availability
- Number of vulnerabilities in the product (and number of "days of risk")
Richard Ford ends on a conciliatory note (more or less), saying that certain software products, such as anti-virus software, should be closed source to make things difficult for hackers.
Source: http://www.areino.com/abierto-vs-cerrado/

Such software is important, as it provides a first line of defense against rapid worms, which can become pandemic minutes after their initial release. Generally, such software is not theoretically secure - it is heuristic in nature and can be bypassed by an attacker with sufficient knowledge. This being the case, an open source approach is probably less attractive than a closed source one. Let’s at least make the life of the attacker a bit harder. If that sounds like security through obscurity, hold on to your seat for a moment: it is.

