[nycbug-talk] Security & monoculture
Fri Dec 9 11:08:10 EST 2005
The issue of diversity and monoculture has been a major security debate
over the past several years.
Monoculture being the use of a single operating system family,
applications and code throughout an environment, as opposed to having
diversity. Okay, maybe I'm oversimplifying, but that's why you should
read the article <g>
USENIX had a great debate on this a while back at ATC, and an article in
the current ;login: is referred to by Bruce Schneier's blog:
It's generally considered a Microsoft v 'the others' debate, but I think
in some ways, this doesn't address the point of open source, standards, etc.
The problem with Microsoft's approach to security goes beyond their
monopoly. For instance, a 100% BSD environment is certainly different
than a regular monoculture, not just because it is in the 'other'
category, but because of code maturity, strong auditing, etc.
Anyway, more interested in opening the debate. . ..
More information about the talk