[Gufsc] Coverage in German Publication and ISJ (fwd)
Paulo Manoel Mafra
mafra em das.ufsc.br
Quarta Abril 21 09:22:59 BRT 2004
-----BEGIN PGP SIGNED MESSAGE-----
me parece um artigo interessante, mas esta escrito em alemao, ninguem
merece :-)
Paulo Manoel Mafra
LCMI - Laboratorio de Controle e Micro Informatica
Departamento de Automação e Sistemas - UFSC
- ---------- Forwarded message ----------
Date: Tue, 20 Apr 2004 22:13:42 +0200
From: "[ISO-8859-15] Jan Krüger" <jk at microgalaxy.net>
To: misc at openbsd.org
Subject: Coverage in German Publication and ISJ
OpenBSD is covered in the German "Open Source Jahrbuch 2004" which is
available here: http://www.think-ahead.org/
In the article beginning on page 223 of the PDF:
"Sicherheit mit OpenSource"
(Security with OpenSource)
from Robert A. Gehring is cited and explained, besides other things, a
former Research Work of Christian Payne from the year 2002 (find this
passage beginning on page 234) in which he evaluates the security of
Debian, Solaris and OpenBSD. In short the Result on a score where
higher is better:
Debian: -1,0
Solaris: -3,5
OpenBSD: 10,2
"[W]hile the source code for the Debian system is available for anyone
who cares to examine it, the OpenBSD source code is regularly and
purposefully examined with the explicit intention of finding and
fixing security holes (Payne, 1999), (Payne, 2000). Thus it is this
auditing work, rather than simply the general availability of source
code, that is responsible for OpenBSD s low number of security
problems. This point bears repeating: software will not become
automatically more secure by virtue of its source code being
published. (2002, S. 76)"
All the other text is in German.
The original article from Payne appeared in the Information Systems
Journal, Volume 12 Issue 1 Page 1-78, January 2002,
beginning on page 61.
And can be bought here for half the price of OpenBSD:
http://www.blackwell-synergy.com/servlet/useragent?
func=synergy&synergyAction=showTOC&journalCode=isj&
volume=12&issue=1&year=2002&part=null
In (Payne, 1999) Payne developed the Model for the numeric evaluation
of Software. Sorry, I was unable to find it.
Gruß
Jan
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQEVAwUBQIZnrpiA/0P9HrSNAQGIJgf9HrH+a/zV3Hv9VmDnFRLaMl33sZJ9r+AE
uuIB8dQ/SlJlGShy47TfHQAp6y6pyp6jvtvBRJU32vs+89uWbCaf4KBYHkqfhD4N
xl56RycSXi5U+ylnR1dLerlzHpUploBp9dxOGFAI0rpX8uW6ncMap4Qggg63/n+K
fT7tQ+URgT1vfkd7DQCCvNeBWwsKDJ2Kr391qkPwGMhsXeNY815U5zIJQic1vk24
ogXXN7CJYmqDCvS9oONdMJSkkMlx6fnl6OrVCPRrXFMQ7FX4carHq91Nx+q4sFsC
SbaSEXVEJMzx3v781ihGNtr9Zpfqmjv14GQoS+zp/I9sY2qsPahkyA==
=Ivxr
-----END PGP SIGNATURE-----
Mais detalhes sobre a lista de discussão Gufsc