Linked by Thom Holwerda on Wed 15th Apr 2009 09:54 UTC
Bugs & Viruses Whenever the Conficker worm comes up here on OSNews (or any other site for that matter) there are always a number of people who point their fingers towards Redmond, stating that it's their fault Conficker got out. While Microsoft has had some pretty lax responses to security threats in the past, it handled the whole Conficker thing perfectly, releasing a patch even before Conficker existed, and pushing it through Windows Update. In any case, this made me wonder about Linux distributions and security. What if a big security hole pops up in a Linux distribution - who will the Redmond-finger-pointing people hold responsible?
Thread beginning with comment 358736
wawrzyn
Member since:
2009-03-24

Good question, but not too easy to answer. The problem is that as long as we are considering proprietary software, we have the well-known corporate paradigm of software development. In this scenario it's easy - or at least it should be easy - to select the responsible parties, as all the responsibilities and duties are delegated to the proper ones. So it's obvious: once you have a real or possible security, stability or functionality issue, it's the responsibility of the solution provider to solve it as fast as possible. We may say such a reaction is somehow contracted. What is that contract? Well, it depends on the solution - if it's a custom-made system, it will be your contract and specification of requirements; if it's a mass product, like an operating system, then it's a license, which has to be bought by the end user. If the solution provider/software developer reacts quickly, it means this is a good brand and you may count on it.

How does it look in the bazaar paradigm we all know from the Free Software community? Of course we, as a community, are responsible for the overall quality of solutions distributed under free licenses. As far as I can imagine, I see this paradigm to be at least at the same level of quality, if not even better, as the proprietary solutions available on the software market. So, to simply give you my answer: it's our choice - one will prefer to blame a defined party (proprietary paradigm), the other will prefer to divide the responsibility into N pieces. In both scenarios there is a group of responsible ones and an issue to be solved. I think the most important thing for us - end users - is to have all the issues resolved quickly. To be honest, finally, I'm a die-hard Slackware user and a big Free Software enthusiast, but I see that on many occasions it's a good idea to buy a license, hire a consultant... I mean, to delegate responsibility to others. Just to build effective solutions.

In some scenarios it's a good idea to promote Free Software, especially GNU/Linux, but in others you have a wide choice of proprietary solutions, maybe not cheap, but worth your investment. So the question "who is responsible" is very important during your choice. Sometimes it's better to pay some money to transfer the responsibility to the other party. It's like insurance - your contract with the software developer or a license for a software solution is like an insurance policy. In other scenarios it's better to stay responsible yourself. And as long as we're talking about divided responsibility, we should remember that once the responsibility is divided, either there are no responsible parties (believe me, I grew up in the socialist reality where everything was shared, but no one felt responsible) or we are talking about utopia. For me, the Free Software idea is a kind of utopia, yet the only example of how, on some occasions, we may prove that the utopia can exist and, what is more important, can compete effectively with the widely accepted reality. Nice idea, indeed. Worth investing some of our time.

Reply Score: 1