|
| -----Original Message----- | [mailto:midrange-l-bounces@xxxxxxxxxxxx]On Behalf Of Adam Lang | But again, it is point of view. I assume we can agree that, due to the | nature of it, bad guys have more incentive to crack someone's program for | personal gain than a good guy to spend time to crack it to fix someone | else's work that he really isn't able to do legally. Agreed. | But say the code is freely available and legal to look at. With | no fear of | reprecussion, the good guy can put time in as a good samritan or for their | own benefit whereas the true bad guy really gains no edge since he would | have devoted time to reverse engineer it anyway. He is just | being saved on | that time. That contradicts what we just agreed on. It is not the fear of legal repercussions that inhibits "the good guys". The theory still remains that the good samaritans are smarter than the bad samaritans. Probabilities being what they are, I give the edge to those who are incented the most. Some of these bad guys, btw, are incented because their lives literally depend on not getting caught. | | The bad guys are going to try to find flaws whether they are allowed to or | not, whereas more good guys will try to find flaws, and report | them, if they | don't have to risk jail time. This is the hope, but the facts have shown otherwise. | > This is an arrogant assumption, imv, and not supported by any | facts that I | > know of. Not that the good guys don't do an IMMENSE amount of | good work, | > but it Only Takes One bad guy to be successful and the house of cards | comes | > down. It doesn't matter How much good the good guys do, if that one bad | guy | > is successful, unfortunately. Speed of correction is a moot point, once | the | > ballot boxes have been stuffed and people wrongly elected. | | And that is true, all it takes is one, but the point is trying to | eliminate | the amount of possibilities. Again, and I don't mean disrespect, but do the math. All it takes is one. | More people auditing the code relates to a | higher chance of discovering a bug. Windows has been regarded as an | unsecure OS for a long time. Do you think if chunks of source code were | freely allowed to be audited, it would make it even more unsecure? Yes, for the reasons I've said above. | > As Jim Franz just pointed out, there are very dedicated people | who (either | > by looking at code, reverse-engineering, trial-and-error) ARE finding a | > large number of the most dangerous holes. There is a guy in Europe | (forget | > name, and there are several groups, afaik) who has been doing this for | > years, and been quite successful in finding these flaws, by whatever | > techniques he uses. | | And you wonder how much more successful they would be if they | didn't have to | spend time reverse engineering. Obviously there are very smart people out | there that have their own motivation to crack software. Just as there are | very smart bad guys out there that have motivation to crack software. I think they would be much MORE successful if they had access to code. (By reverse engineering, they do.) I remain to be convinced that they have their lives hanging in the balance, is all. And, taking only one successful person to bring down either the Linux or Windows houses of cards, I look at the odds.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
