[olug] Solar Winds Fallout

Dan Linder dan at linder.org
Tue Jan 5 10:44:08 CST 2021


I like seeing this:

> [...]Microsoft claims it's no big deal.
>
> That's because Microsoft has "an inner-source approach – the use of
> open-source software development best practices and an open-source-like
> culture – to make source code viewable within Microsoft." *It's nice that
> Microsoft is admitting that the open-source approach is the right one for
> security* -- something I and other open-source advocates have been saying
> for decades. But, inner source isn't the same thing as open source.
>
> When hackers, not Microsoft developers, have access to proprietary code,
> the door's open for attacks. True, Microsoft's "threat models assume that
> attackers have knowledge of source code. *So viewing source code isn't
> tied to elevation of risk.*" But, making that assumption is one thing.
> Dealing with reality is something else.


I've had a really hard time convincing co-workers/executives of this - at
least now we have a big name company demonstrating it in use.  It doesn't
make what happened any better...

Now if we could just get the laws changed so finding and reporting
(reasonably responsibly) security issues and researching security issues
are not vilified or outright illegal.

Dan

On Tue, Jan 5, 2021 at 8:46 AM Dave Thacker <dthacker9 at gmail.com> wrote:

> Gets uglier and uglier.
>
> https://www.zdnet.com/article/solarwinds-the-more-we-learn-the-worse-it-looks/
>
> --
> Dave Thacker
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://www.olug.org/mailman/listinfo/olug
>


-- 
***************** ************* *********** ******* ***** *** **
"If you wish to make an apple pie from scratch,
  you must first invent the universe."
  -- Carl Sagan

"Quis custodiet ipsos custodes?"
    (Who can watch the watchmen?)
    -- from the Satires of Juvenal

"I do not fear computers, I fear the lack of them."
    -- Isaac Asimov (Author)
** *** ***** ******* *********** ************* *****************

