OSS vs Proprietry Patching

Dominic White

 
Random Entry: The 'this is me' phenomenon
< Patch Install Policy Pitfalls | Linux.RST.b >

OSS vs Proprietry Patching

I just read this interesting paper/poster. The conclusion of the paper is:

"The arguments favoring the inherent security of open source software do not appear to hold up to scrutiny. These findings provide evidence to security managers to focus more on holistic software security management, irrespective of the proprietary-nature of the underlying software."

It took me a while to figure out the stats-speak, but it seems that there were three primary hypotheses:

  1. OSS patches faster than proprietary.
  2. OSS has fewer vulnerabilities.
  3. OSS patch high severity patches faster.
The research concludes that 1 is only a little true, that 2 is false and that 3 is true. This seems a contradiction to the conclusion above that the arguments for OSS security don't hold up. In addition the reasearch looked primarily at operating systems which may not be a good indicator of the whole OSS vs Proprietary debate as the paper claims. I wonder if Microsoft's patch tuesday and corresponding exploit wednesday in 2004 provided the slight deviation on vulnerability release times.

I will be writing a two page paper on this and patching for the other side of the digital divide for SATNAC.


Wednesday, June 1. 2005
Posted by Dominic White in Masters
Comments (0) | Trackbacks (0)

Last modified on 2005-07-28 08:26
 

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

No comments

Add Comment

E-Mail addresses will not be displayed and will only be used for E-Mail notifications.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA