[nycbug-talk] Security & monoculture

Francisco Reyes lists
Sun Jan 1 20:56:37 EST 2006


George R. writes:

> The issue of diversity and monoculture has been a major security debate 
> over the past several years.

Catching up with all my lists in the offdays. :-)
Was there a followup to your post? Don't see any..

 
> Anyway, more interested in opening the debate. . ..

Although I understand the idea behind why Monoculture can be a problem, by 
the same token using multiple Operating systems or different programs (ie 
using two types of Firewal, but same OS).. has it's own set of problems.

Although the discussion can go beyond Operating systems.. I will just 
discuss that one topic.

 I think it all comes down to the people implementing 
the system(s). Using a differetn OS, per se won't do much help if the people 
implementing it are not well versed in the second OS. Specially if a second 
OS is solely introduced for the effect of having more than one OS for 
security reasons. It is possible thet the people implementing the 
architecture may not be familiar with the second OS and end up compromising 
security because their lack of understanding of the second OS.

In an ideal world, where the people installing both operating systems are 
familiar with both, or there are two sets of people and each group is 
familiar with one OS.. in that scenario I think OS diversity is good.




More information about the talk mailing list