01-15-2009, 04:15 AM
MrGamm
Re: most secure open CMS?

Quote:
Originally Posted by deepsand


Why?

You apparently make the assumption, without substantiation, that proprietary code is somehow better and/or more secure than is open source code.

Not only is proprietary code not guaranteed to be of a better quality, but, it is not necessarily less accessible than is open source code. More importantly, knowledge of the source code is not necessary in order to be vulnerable.

As one who began programming in 1958-59, in octal machine code on PENNSTAC, I cannot begin to recall the number of times that I've hacked an OS or application with access to no more than the binary machine code.


This is no more than a conclusion based on facts not in evidence.

Your credentials and experience do not change the fact that a larger audience of relatively inexperienced programmers now have the capabilities to attack those who choose to go it their own with an open source project.

Are you suggesting that the majority of open source projects are of higher quality than closed source programs?

What exactly are you suggesting? That it's better to righteously defend the open source movement with zealotry rather than focus on its flaws and look towards a better solution?

Quote:
These are the folks that run web servers on IIS instead of Apache.
You are right to think that IIS is more prone to serve malware. In China and South Korea.

The Google Malware statistics are your best bet for understanding the damage a piece of software is inflicting on others. It has nothing to do with the numbers of bugs reported, flaws fixed or security updates sent.

http://googleonlinesecurity.blogspot...d-malware.html

The puzzling thing in those statistics is the relatively high number of malware servers running Linux in Germany. Are the Germans all around more experienced and better programmers? Are they more prone to be attacked? Are they more prone to attack others with their servers?



In any event... The open source community should follow the lead of some of the more well known closed source vendors and offer to service the software which they build. Many of them do. All of them need to. Closed source or open source being irrelevant.

If your CMS is not offering you one-click easy security patches and taking responsibility for their software, consider finding a vendor who does. That's the bottom line. A good analogy would be the seal which voids the warranty on your electronics device. If you break the seal, consider it broken and no longer supported. If your electronic device did not come with a warranty, understand nobody planned on it working in the first place.
__________________
James Weisbrod - programmer

Last edited by MrGamm; 01-15-2009 at 04:39 AM.