No magic bullet for security

No magic bullet for security.

Some say that open source software is inherently secure because the
“open source process” makes it so. Wrong. Open source software, and the
collaborative culture that surrounds it, have surely enhanced Firefox's
security. But also necessary is a disciplined approach to reducing the
attack surface area. And one of the most vocal and visible proponents
of that discipline today is … Microsoft.

The recent turnaround of the company's IIS (Internet
Information Services) Web server was remarkable. Version 5 was
security-challenged and widely deprecated, version 6 is rock-solid and
arguably safer than Apache. If the long-delayed refresh of Internet
Explorer has been rethought along similar lines, it could prove to be
an excellent platform on which to safely tap into the power of AJAX —
which, after all, Microsoft invented.

The open source and Microsoft cultures can complement one
another. I hope they will. If we're going to safely enjoy the benefits
of AJAX-style computing, we'll need all the help we can get. [Full
story at]

[Jon's Radio]

Leave a comment