* David Conrad:

> Software diversity is a tool that network administrators use to
> improve resiliency in their infrastructure. I agree it is not a
> silver bullet but if I was building out critical infrastructure like
> (oh say) a root server or a resolver cloud that my customers depend
> on, I would want to minimize the risk that my infrastructure was
> vulnerable to a single bug.
When you aim for diversity, you get the union of all bugs, not the intersection. (Same with complex firewalling software: the application which needs to be protected needs to be *really* bad for a firewall in front of it to make the overall bug count go down.)

Even the effect on resiliency is limited because bugs in independently written pieces of software are not random, but are somewhat correlated.

And regarding denial of service, ripping out TCP/IP and replacing it with something that has working denial-of-service capabilities (by pushing the impact closer to the sources, say) is simply not an option for many operators.