[nycbug-talk] Security & monoculture

Isaac Levy ike
Fri Dec 9 13:31:05 EST 2005

Hey George, All,

On Dec 9, 2005, at 11:08 AM, George R. wrote:

> The issue of diversity and monoculture has been a major security  
> debate over the past several years.
> Monoculture being the use of a single operating system family,  
> applications and code throughout an environment, as opposed to  
> having diversity.  Okay, maybe I'm oversimplifying, but that's why  
> you should read the article <g>
> USENIX had a great debate on this a while back at ATC, and an  
> article in the current ;login: is referred to by Bruce Schneier's  
> blog:
> http://www.schneier.com/blog/archives/2005/12/monocultures_an.html
> It's generally considered a Microsoft v 'the others' debate, but I  
> think in some ways, this doesn't address the point of open source,  
> standards, etc.
> The problem with Microsoft's approach to security goes beyond their  
> monopoly.  For instance, a 100% BSD environment is certainly  
> different than a regular monoculture, not just because it is in the  
> 'other' category, but because of code maturity, strong auditing, etc.
> Anyway, more interested in opening the debate. . ..
> g

Whaddya' mean monoculture?  There's plenty of developers from diverse  
cultural backgrounds working on OpenSSH. ;)

But seriously, I don't see any debate here, this is a pretty  
fundamental topic.  Thanks for posting the URL Gman.


More information about the talk mailing list