Security and open source
by Roger Needham
Security problems in software are of course an extremely bad thing, regardless of the business model under which the software was written. I want to consider why anybody thinks that the business model matters, and whether there is evidence that it does. I shall also look somewhat to the future.

Are security bugs different from ordinary bugs? This is a relevant question to follow Ross Andersonís talk. On balance I would claim that they are, not for a technical but for a social reason. Consider a paradigmatic "ordinary" bug, such as a library that wrongly calculates the square root of 2, while apparently doing everything else right. After a certain amount of hilarity the community response would be either to use a different library, or, more likely, to avoid taking the square root of 2. If a security bug is found in a system there is a community of people who make it their personal priority to make the wrong behavior happen, typically in other peopleís computers. This must affect any kind of statistical analysis.

Download the paper in PDF format here.

Spotlight

eBook: Cybersecurity for Dummies

Posted on 16 December 2014.  |  APTs have changed the world of enterprise security and how networks and organizations are attacked. These threats, and the cybercriminals behind them, are experts at remaining hidden from traditional security while exhibiting an intelligence, resiliency, and patience that has never been seen before.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //