[nycbug-talk] Security & monoculture
Isaac Levy
ike
Fri Dec 9 13:31:05 EST 2005
Hey George, All,
On Dec 9, 2005, at 11:08 AM, George R. wrote:
> The issue of diversity and monoculture has been a major security
> debate over the past several years.
>
> Monoculture being the use of a single operating system family,
> applications and code throughout an environment, as opposed to
> having diversity. Okay, maybe I'm oversimplifying, but that's why
> you should read the article <g>
>
> USENIX had a great debate on this a while back at ATC, and an
> article in the current ;login: is referred to by Bruce Schneier's
> blog:
>
> http://www.schneier.com/blog/archives/2005/12/monocultures_an.html
>
> It's generally considered a Microsoft v 'the others' debate, but I
> think in some ways, this doesn't address the point of open source,
> standards, etc.
>
> The problem with Microsoft's approach to security goes beyond their
> monopoly. For instance, a 100% BSD environment is certainly
> different than a regular monoculture, not just because it is in the
> 'other' category, but because of code maturity, strong auditing, etc.
>
> Anyway, more interested in opening the debate. . ..
>
> g
Whaddya' mean monoculture? There's plenty of developers from diverse
cultural backgrounds working on OpenSSH. ;)
But seriously, I don't see any debate here, this is a pretty
fundamental topic. Thanks for posting the URL Gman.
Rocket-
.ike
More information about the talk
mailing list