7 comments

[ 3.9 ms ] story [ 33.8 ms ] thread
Very interesting conclusion on this post.
I heard linux is secured!! Should I (we) stop using gui to be secured?
The desktop is pretty insecure whatever OS you use.

If you want a secure platform iOS is your best bet

I agree.

Also for server security, vendor bloat is as much a problem for Linux as it was for Microsoft (since always). Microsoft went through decades[1] of ridicule which resulted into immense internal pressure to improve security.

When you compare major linux distros now (and look at the lkml or other open source communities) then Linux hasn't changed much since the 90ies. It's still full of people who are almost religious when it comes to accepting that just because a system is open source doesn't automatically make it more secure.

Monolothic kernel with containers? anyone who has the luxury of starting new (Like Linus in the 90ies) would point the finger and laugh. Some people laugh now, but nobody hears them because we already have this cool thing called linux so why would you re-invent the wheel ...? (so seems the logic towards anyone who questions the design) ... If you say Linux is less secure than Microsoft or Apple you must be a troll (is the answer to most who dare to say apple / microsoft are more secure than Linux)

[1] http://trustworthycomputing.com

> If you want a secure platform iOS is your best bet

iOS is far from secure, just this week they released 3 huge security breaches fix. There is even in this release a somewhat similar issue where playing a malicious audio file would allow you to run arbitrary code.

> The computer security industry has a serious conflict of interest right now. There is major financial motivation for researchers to find and disclose vulnerability to exploit brokers (...)

> To improve security for everyone we need to find sustainable ways to incentivize researchers to find and disclose issues and to get bugs fixed. We can’t and we shouldn’t rely on researchers giving away their work for free to for-profit vendors.

This. Despite that being said (using other words) in some other blogs and reports, this is the main point of bug haunting. People have to eat and live, in the end of the day, and when the dark side pays much more that the brighter one, it's hard to defend that only responsible disclosures will happen. Because, well, it won't work like that.