Open Source Computing
Week 12, Apr 6
Open-source security issues:
- open source code makes vulnerabilities easier to find: probably not
much
- open source makes it easier to identify vulns as soon as the patch is
out, before users have upgraded: this is an issue
- open source organizations don't have the resources to analyze code as
carefully: maybe
- hackers can sneak vulns into the codebase: surprisingly rare, but a
potential issue
- projects built on open source components may need to get those
components updated/patched regularly
- open source is definitely easier to trust
But let's not forget the structural reasons why MS Windows security has
been so difficult: hard-to-audit settings, license restrictions on backup
installations, compromises to address user revolt
Start with review of Heartbleed
Wednesday: start with Windows Security
Look at kernel code
github.com/torvalds/linux/blob/master/net/ipv4/tcp.c
github.com/torvalds/linux/blob/master/net/ipv4/tcp_cong.c
github.com/torvalds/linux/blob/master/include/net/tcp.h
What next?