ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    ownCloud most secure open source file sync and share - yeah, right...

    News
    storage owncloud security
    5
    7
    1.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • jospoortvlietJ
      jospoortvliet Vendor
      last edited by scottalanmiller

      ... according to a blog by our security guy. Yeah, look who's talking, but I think it is, in general, an interesting blog. He attacks the simple view of just looking at the number of security advisories and drawing conclusions from that:
      "Many vendors tend to not disclose their security problems which makes them look better if one simply looks at factors such as amounts of the advisories."
      and
      "If we’d stop putting so much effort into finding and fixing security problems, which would decrease the number of advisories, ownCloud wouldn’t necessarily become more secure."

      He uses some decent math to make his point and I think this can be informative about other projects, too.

      Find his blog here.
      Enjoy 😉

      fixed-and-discovered-vulns-per-year.png

      1 Reply Last reply Reply Quote 2
      • dafyreD
        dafyre
        last edited by

        In IT Land, we all should know and expect vulnerabilities in every application we use. It is good to see some companies being up front about it, and not threatening security researchers with legal action like some other companies... cough Oracle cough.

        You guys make a great system! Keep up the good work!

        1 Reply Last reply Reply Quote 2
        • gjacobseG
          gjacobse
          last edited by

          I have thought that if you want secure, you have it encased in concrete, with layers of 2" thick plates of steel and then buried at the bottom of a volcano...

          Otherwise.. anyone who wants it bad enough will go after it.

          jospoortvlietJ 1 Reply Last reply Reply Quote 1
          • Reid CooperR
            Reid Cooper
            last edited by

            Thanks, very interesting.

            1 Reply Last reply Reply Quote 0
            • jospoortvlietJ
              jospoortvliet Vendor @gjacobse
              last edited by

              @gjacobse yeah, entirely safe is not possible. And of course, large companies (think of Dropbox, Google etc) have huge numbers of security people and tools and I bet they create very secure software. Thing is, as you say, entirely safe is not possible and these big boys are very interesting targets while your ownCloud running on your private server isn't... So in practice, decentralization might still be the better option. Everything can be hacked but you're a lot less interesting on your own little server than together with everybody else 😄

              1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller
                last edited by

                Plus open source adds the potential for more eyeballs on the code, better audits, more review, etc.

                1 Reply Last reply Reply Quote 2
                • jospoortvlietJ
                  jospoortvliet Vendor
                  last edited by

                  Yup, our security guy is a big believer in "Linus' law": "many eyeballs make all bugs shallow" or something like that 😄

                  1 Reply Last reply Reply Quote 1
                  • 1 / 1
                  • First post
                    Last post