On Sunday 15 November 2009 19:23:26 Kenneth Gonsalves wrote:
> On Monday 16 Nov 2009 6:50:10 am Christophe Pettus wrote:
> > On Nov 15, 2009, at 5:10 PM, Kenneth Gonsalves wrote:
> > > I do also point out to plone vs drupal, but there again the
> > > argument is the drupal is more widely used and hence has more
> > > observable
> > > vulnerabilities. It does not sound logical.
> >
> > I don't think that anyone is seriously arguing that a piece of
> > software being widely adopted somehow creates new security
> > vulnerabilities in it.  I believe the assumption is that all software
> > of a given level of complexity has roughly the same number of
> > vulnerabilities, either exposed or hidden.  Thus, the more used a
> > piece of software, the more attention the bad guys give it, and thus
> > the more of those hidden security problems become exposed.
> 
> it is precisely this assumption that does not seem logical to me. But
>  frankly I do not know how to counter it ;-)
> 

How is it not logical?  Product A is widely used, Product B is used less. Bad 
Guy A. is smart enough to realize that product A if broken can be used to gain 
him more presents because more users have it. This is because of the human 
condition of laziness and the majority are not really paying attention to what 
they are doing. This is a fact. If you're one that thinks about everything 
they are doing, i.e. every literal step you take down the hall is carefully 
planned.  Then you are most likely going to avoid Bad Guy A, and be a 
minority.  I hardly meet people who do this, they just act without thinking. 

It's illogical to think that everyone or the majority will not succumb to 
laziness because this is our ideal goal as a society.  Everything we build or do 
is to make our lives easier so we can be lazy without worry.

Mike

-- 
The chat program is in public domain.  This is not the GNU public license.
If it breaks then you get to keep both pieces.
        -- Copyright notice for the chat program
