Opensource Team

From CyberSecurity
Revision as of 06:32, 30 November 2005 by Iali (talk | contribs)


Contacts

Imran (iali@microsoft.com) Osama (osamam@microsoft.com) Asad (asadj@microsoft.com) Derek (derekch@microsoft.com) Jared (jared_smelser@yahoo.com)

1. What is open source? [JARED]

Types of open source software. A discussion of the concept of open source and the open source community. We will also study how open source software is produced, distributed and supported. Does open source provide a “complete” solution for a home user or a corporate user, e.g. Walmart?

2. Inherent Security Advantages [ASAD]

The code gets reviewed by a lot of computer “geeks”, which means it goes through a lot of scrutiny. How much does this really help catch security flaws before they get exploited? Study how the information gets distributed when a security flaw is discovered. Is the open source community more forthcoming in acknowledging the flaw and fixing the problem?

3. Inherent Security Disadvantages [DEREK]

Is the free distribution of source code a good thing? Are there any known cases where vulnerabilities were easier to exploit because the source was easily available? Does this make open source insecure by definition?

Open source community’s response to cyber attacks: Who is responsible for patching security flaws in open source products? How are fixes distributed?

How do you make a responsible disclosure of an open source vulnerability?

What is the recourse for cyber attack victims? Can they sue someone for damages? Are there any known cases in the industry?

4. Comparison of security in open source vs other products [JARED]

How has open source performed in the industry compared to other products? Has it traditionally been more secure? What is the perception of the users? Do they feel more secure with open source? How do open source security “incidents” compare to those of non-open source products?

5. Case Study 1: Linux vs Windows [OSAMA]

In this case study we will look at the security features of the two operating systems. We will also discuss the security flaws discovered in Linux and Windows over the years: how these flaws were discovered, what the response was, and what damage was caused. How did similar flaws play out in the two?

6. Case Study 2: MySQL vs SQL Server and Oracle [ASAD]

A similar study to the operating system case study, but at the application level.

7. Case Study 3: IE vs Netscape vs Firefox [IMRAN]

A study at the browser level.

8. Conclusions [DEREK]