Full Discussion: is open source more secure ?
Post 302331403 by bakunin on Monday 6th of July 2009 05:41:14 AM
I agree with Neo. I'd like to split the matter into two distinct parts, a theoretical and a practical one.

Even speaking only theoretically, the matter of closed-source versus open-source remains complicated. A possible advantage of open-source is the peer-review process which can take place. But to capitalize on this advantage this process has to take place at all, which is in no way guaranteed by something being open-source at all.

A possible advantage of closed-source software would be the "security by obscurity" approach. Experience suggests that this is not a (lasting) security measure at all and in the case of compromised security there is a single possible source able to provide corrective services, whereas open-source software could be changed by everybody in theory, which still leaves a lot of possible authors of corrections in practice.

Approaching the problem on a practical level it has to be stated that "security" is - like "performance" for that matter - a relative term and cannot be used absolutely. There is some value of x you want to protect and there is some estimated effort of y needed to overcome your security measures. If x is (much) bigger than y you have a security problem, otherwise you haven't.

To appraise your security status simply put yourself into the place of the intruder: will it possibly pay off to overcome your defenses? Act, if the answer is "yes" or near there, otherwise don't bother.

It is similar to what I have countlessly told executives in meetings regarding "performance": you have some demand, which can be measured (in seconds, transactions completed, kilobytes, whatever) and there is a system having to meet the demand. It comes down to "does the system meet the specified demand - yes/no?" Performance is not being "fast" but "fast enough".

The same is true for security: what you protect and the efforts for protecting it have to be in proportion and the question is not "safe" but "safe enough".

bakunin
 

UNIQID(3)                                  1                                  UNIQID(3)

uniqid - Generate a unique ID

SYNOPSIS
       string uniqid ([string $prefix = ""], [bool $more_entropy = false])

DESCRIPTION
       Gets a prefixed unique identifier based on the current time in microseconds.

       Warning: This function does not create random nor unpredictable strings. This function must not be used for security purposes. Use a cryptographically secure random function/generator and cryptographically secure hash functions to create unpredictable secure IDs.

PARAMETERS
       o $prefix - Can be useful, for instance, if you generate identifiers simultaneously on several hosts that might happen to generate the identifier at the same microsecond. With an empty $prefix, the returned string will be 13 characters long. If $more_entropy is TRUE, it will be 23 characters.

       o $more_entropy - If set to TRUE, uniqid(3) will add additional entropy (using the combined linear congruential generator) at the end of the return value, which increases the likelihood that the result will be unique.

RETURN VALUES
       Returns the unique identifier, as a string.

EXAMPLES
       Example #1 uniqid(3) Example

           <?php
           /* A uniqid, like: 4b3403665fea6 */
           printf("uniqid(): %s\r\n", uniqid());

           /* We can also prefix the uniqid, this is the same as
            * doing:
            *
            * $uniqid = $prefix . uniqid();
            * $uniqid = uniqid($prefix);
            */
           printf("uniqid('php_'): %s\r\n", uniqid('php_'));

           /* We can also activate the more_entropy parameter, which is
            * required on some systems, like Cygwin. This makes uniqid()
            * produce a value like: 4b340550242239.64159797
            */
           printf("uniqid('', true): %s\r\n", uniqid('', true));
           ?>

NOTES
       Caution: This function does not generate cryptographically secure tokens, in fact without being passed any additional parameters the return value is little different from microtime(3). If you need to generate cryptographically secure tokens use openssl_random_pseudo_bytes(3).

       Note: Under Cygwin, the $more_entropy must be set to TRUE for this function to work.

PHP Documentation Group                                                      UNIQID(3)
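An added example, not part of the man page: it decodes the manual's own sample IDs back into the clock reading they encode, which is why uniqid() output must not serve as a secret, and contrasts that with a token drawn from random_bytes() (PHP 7+, used here instead of the openssl_random_pseudo_bytes(3) the page names). The helper names decode_uniqid() and secure_token() are hypothetical.

```php
<?php
// Added illustration; decode_uniqid() and secure_token() are hypothetical names.

/**
 * Split an unprefixed uniqid() value into the clock reading it encodes:
 * 8 hex digits of Unix seconds, 5 hex digits of microseconds, and, with
 * $more_entropy, a decimal suffix taken from the LCG.
 */
function decode_uniqid(string $id): array
{
    if (!preg_match('/^([0-9a-f]{8})([0-9a-f]{5})(\d\.\d{8})?$/', $id, $m)) {
        throw new InvalidArgumentException("not an unprefixed uniqid: $id");
    }
    return [
        'utc'  => gmdate('Y-m-d H:i:s', (int) hexdec($m[1])),
        'usec' => (int) hexdec($m[2]),
        'lcg'  => $m[3] ?? null,
    ];
}

/** Unpredictable identifier: hex of bytes drawn from the OS CSPRNG (PHP 7+). */
function secure_token(int $bytes = 16): string
{
    return bin2hex(random_bytes($bytes));
}

// The two sample values come from the man page's example comments;
// the third is generated now.
$samples = ['4b3403665fea6', '4b340550242239.64159797', uniqid()];
foreach ($samples as $id) {
    $d = decode_uniqid($id);
    printf("%-24s %s UTC +%06d us%s\n", $id, $d['utc'], $d['usec'],
        $d['lcg'] !== null ? "  lcg suffix {$d['lcg']}" : '');
}

// Nothing in this value is derived from the clock.
printf("%-24s %s\n", 'secure_token():', secure_token());
```

When reviewing PHP code, treat any session ID, password-reset token or file name built from uniqid() as a finding and replace it with a CSPRNG-backed value like the one above.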