Linked by Thom Holwerda on Wed 15th Apr 2009 09:54 UTC
Bugs & Viruses
Whenever the Conficker worm comes up here on OSNews (or any other site for that matter) there are always a number of people who point their fingers towards Redmond, stating that it's their fault Conficker got out. While Microsoft has had some pretty lax responses to security threats in the past, it handled the whole Conficker thing perfectly, releasing a patch even before Conficker existed, and pushing it through Windows Update. In any case, this made me wonder about Linux distributions and security. What if a big security hole pops up in a Linux distribution - who will the Redmond-finger-pointing people hold responsible?
wrong question
by Craig on Wed 15th Apr 2009 16:44 UTC

This is really the wrong question - which can easily be seen in the responses. When you search for someone to blame - you get into a mindset about how you (or your code) are better and everyone else is lazy, stupid, irresponsible, blah blah blah...

Rather than asking who is to blame, ask what accountabilities each person has in the solution!

Everyone has a responsibility:
- the architect should design inheritably secure and maintainable systems.
- the coder should learn and practice writing secure code, and his peers should review code with security in mind
- the maintainer should patch security holes quickly
- the build system should automatically run software through the numerous validation systems out there that automatically identify basic security gaps (so our energies can be focused on finding real / difficult issues)
- the packager should ensure the software is installed in a secure fashion
- distributions should ship secure defaults, tools that help keep it secure when being reconfigured, and patch software quickly
- the administrator and support staff should understand security and configure/maintain computers securely
- the end user should ensure they install known software, remove software they don't use, and keep the system patched / up to date

Most importantly, journalists and other writers like yourself should create constructive conversations by not focusing on "blame" but focusing on "accountability". It breeds more creative, more considered, and broader thinking solutions... which results in more security.

Reply Score: 2