Linked by Mark Tolliver on Thu 13th Sep 2007 08:14 UTC
Editorial The widespread acceptance of open source continues to grow as a cost-effective alternative to traditional network deployments. Well-known projects such as Linux have proven themselves to be in the enterprise environment, helping to dispel the fear, uncertainty and doubt preceding open source implementations. In the past two years, the industry has begun to shift from a total dependence on proprietary applications to a desire for more cost-effective, scalable and collaborative solutions.
Thread beginning with comment 271064
To read all comments associated with this story, please click here.
Response times
by sappyvcv on Thu 13th Sep 2007 15:23 UTC
sappyvcv
Member since:
2005-07-06

Pointing to the thousands of open source contributors on any given project, developers note that any discovered vulnerability is likely to be fixed within hours, whereas a security flaw in a proprietary application may not be fixed for several days depending on the backlog.

There's usually a reason for that. For important security flaws, they'll fix it right away, but they need to do regression testing, determine if the same flaw exists elsewhere, etc. It's not just a quick hack and they're happy.

Reply Score: 2

RE: Response times
by dylansmrjones on Thu 13th Sep 2007 15:42 in reply to "Response times"
dylansmrjones Member since:
2005-10-02

So basically you're saying OpenBSD is a quick hack?

Reply Parent Score: 4

RE[2]: Response times
by sappyvcv on Thu 13th Sep 2007 16:47 in reply to "RE: Response times"
sappyvcv Member since:
2005-07-06

Huh? Did you misread what I said?

How often has OpenBSD had to fix a serious security hole? How fast did they fix it?

Edited 2007-09-13 16:47

Reply Parent Score: 2

RE[2]: Response times
by kaiwai on Thu 13th Sep 2007 16:52 in reply to "RE: Response times"
kaiwai Member since:
2005-07-06

Who said anything about OpenBSD; proprietary vendors not only have to worry about their own products but products that rely on their own products; they have to ensure that in the process of fixing up a flaw, that in the same process they don't end up breaking compatibility with something that relies on it.

With that being said, however, I think the issue shouldn't necessarily be one of 'excusing' delays but instead asking why these companies haven't setup better communication with their partners so that rather than compromising on security fixes for the sake of compatibility, their partners are the first to know about the fix plus what has been fixed so that partners can issue updates for their respective tools at the same time updates are released for the main programme in question.

Reply Parent Score: 2

RE[2]: Response times
by sappyvcv on Thu 13th Sep 2007 21:20 in reply to "RE: Response times"
sappyvcv Member since:
2005-07-06

And for the record, your poor failed attempt to simplify what I said was disingenuous.

Reply Parent Score: 1