The monoculture furphy
Marcus J Ranum debunks the monoculture security idea.
If the Onion had an IT section, this would be in it: Gartner Echoes Concerns in visionary "me too!" report.
...
I think there is a problem, but it's more about monopoly than monoculture. (As Ranum says: well, duh.) Microsoft's massive customer lock-in means that there has not been much real and sustainable competition in many areas of software.
Suppose you like distcc, but you think Linux security sucks. Well, recompile it for OpenBSD or Trusted Solaris or whatever floats your goat. Even if distcc were proprietary you could probably persuade me to port to OpenBSD because the costs of doing so are pretty low.
None of that would be possible if it were locked in to the Microsoft API: if you want the application, then you have to take the security you're given. And there are flow-on effects: it means that almost all the other code you use will be in C++, which has effects on security. Most of the hardware you buy will have been shaped by Windows Logo requirements.
posted Tue 27 Apr 2004 in /issues/security
Copyright (C) 1999-2007 Martin Pool.