Security and the Open Source Model
Michael H. Warfield
Internet Security Systems Inc
mhw@wittsend.com
Atlanta Linux Showcase
October 15, 1999
Table of Contents
Security and the Open Source Model
Notes for Note Takers
Disclaimer on Terminology
Objective
Introduction
The Skeptics
Depending on Secrecy
Secrecy plus Security
The Nature of Common Sense
The Nature of Secure Systems
Myths of security and open source
No Source Control
No one "really" looks at the source
The source can be trapdoored
Hackers will find the holes
Open source contributes to quality
Peer review and code review
Secure coding techniques
Commercial Advantage Issues
Fear of the Unknown
Under Fire
Slide 22
An Attack Becomes Known
Slide 24
Trojan Horse or Sabotage?
Slide 26
Conspiracies and FUD
FUD and PGP Keys
A FUD Attack?
Slide 30
Responding to FUD
Our Task
Eternal Vigilance
Conclusion
Credits
Security and the Open Source Model
Michael H. Warfield
Internet Security Systems Inc
mhw@wittsend.com
http://www.wittsend.com/mhw/1999/oss_security/