110 likes | 262 Views
Secure Operating Systems. Lesson 10h: Open versus Closed Source. Where are we?. Time for a debate: open versus closed source systems We’ve pretty much done with a lot of the core topics, yay!. Open Source. For the sake of discussion, what do we mean by “open source”?.
E N D
Secure Operating Systems Lesson 10h: Open versus Closed Source
Where are we? • Time for a debate: open versus closed source systems • We’ve pretty much done with a lot of the core topics, yay!
Open Source • For the sake of discussion, what do we mean by “open source”?
Arguments for Open Source? • “Many eyeballs” • Makes security through obscurity “impossible” • Opens up code reuse… (is this a pro or a con?) • Allows someone to patch their own system once a vuln is announced (can also be a con)
Arguments for Closed Source? • Patch management is simplified – harder to reverse engineer exploit • Cost to the attacker (possibly false sense of security though) • More control – paid employees • Centralized
Data: Days of Risk? • What meaningful things can we measure about OS security? Well, one is days of risk
We found a vuln, oh noes! • Open Source: • Closed Source:
Modular v. Monolithic? • Open Source: • Closed Source:
To Do • Read “A Tale of Four Kernels”
Questions & Comments • What do you want to know?