The widespread acceptance of open source continues to grow as a cost-effective alternative to traditional network deployments. Well-known projects such as Linux have proven themselves to be in the enterprise environment, helping to dispel the fear, uncertainty and doubt preceding open source implementations. In the past two years, the industry has begun to shift from a total dependence on proprietary applications to a desire for more cost-effective, scalable and collaborative solutions.
To read all comments associated with this story, please click here.
Member since:2005-10-02
Member since:2005-07-06
Member since:2005-07-06
Who said anything about OpenBSD; proprietary vendors not only have to worry about their own products but products that rely on their own products; they have to ensure that in the process of fixing up a flaw, that in the same process they don't end up breaking compatibility with something that relies on it.
With that being said, however, I think the issue shouldn't necessarily be one of 'excusing' delays but instead asking why these companies haven't setup better communication with their partners so that rather than compromising on security fixes for the sake of compatibility, their partners are the first to know about the fix plus what has been fixed so that partners can issue updates for their respective tools at the same time updates are released for the main programme in question.
Member since:2005-07-06
Member since:
2005-07-06
Pointing to the thousands of open source contributors on any given project, developers note that any discovered vulnerability is likely to be fixed within hours, whereas a security flaw in a proprietary application may not be fixed for several days depending on the backlog.
There's usually a reason for that. For important security flaws, they'll fix it right away, but they need to do regression testing, determine if the same flaw exists elsewhere, etc. It's not just a quick hack and they're happy.