[nycbug-talk] Security & monoculture
George R.
george
Fri Dec 9 11:08:10 EST 2005
The issue of diversity and monoculture has been a major security debate
over the past several years.
Monoculture being the use of a single operating system family,
applications and code throughout an environment, as opposed to having
diversity. Okay, maybe I'm oversimplifying, but that's why you should
read the article <g>
USENIX had a great debate on this a while back at ATC, and an article in
the current ;login: is referred to by Bruce Schneier's blog:
http://www.schneier.com/blog/archives/2005/12/monocultures_an.html
It's generally considered a Microsoft v 'the others' debate, but I think
in some ways, this doesn't address the point of open source, standards, etc.
The problem with Microsoft's approach to security goes beyond their
monopoly. For instance, a 100% BSD environment is certainly different
than a regular monoculture, not just because it is in the 'other'
category, but because of code maturity, strong auditing, etc.
Anyway, more interested in opening the debate. . ..
g
More information about the talk
mailing list