[nycbug-talk] Security & monoculture

George R. george
Fri Dec 9 11:08:10 EST 2005

The issue of diversity and monoculture has been a major security debate 
over the past several years.

Monoculture being the use of a single operating system family, 
applications and code throughout an environment, as opposed to having 
diversity.  Okay, maybe I'm oversimplifying, but that's why you should 
read the article <g>

USENIX had a great debate on this a while back at ATC, and an article in 
the current ;login: is referred to by Bruce Schneier's blog:


It's generally considered a Microsoft v 'the others' debate, but I think 
in some ways, this doesn't address the point of open source, standards, etc.

The problem with Microsoft's approach to security goes beyond their 
monopoly.  For instance, a 100% BSD environment is certainly different 
than a regular monoculture, not just because it is in the 'other' 
category, but because of code maturity, strong auditing, etc.

Anyway, more interested in opening the debate. . ..


More information about the talk mailing list