So the question is this: who is to blame when a crime is committed? Do you convict the gun or the crook when he robs a bank? Do you convict the crowbar or the crook when he pries open the door to a home and steals the jewelry? Do you convict the brick or the crook who uses it to smach a window in a store and steals a TV?Â
We know the answer to those questions. The crook is the criminal, not the tool. So bravo to Alan Shimel for this post where he stomps a mudhole in some folks for blaming Open Source code for security problems. Yes, Open Source tools are easier to come by than commercial products, but does anyone really think that script kiddies and other baddies would have no means to get those commercial products if Open Source tools were not available? Please…
Vet
I agree with Alan on this one as well, if the intent was to actually blame Open Source. After I posted about this on my blog I realized that McAfee “may” have meant to comment on what appears to be a more “collaborative” environment that these malware writers operate in. That may be a more defensible position.
I actually have more of an issue with the way McAfee is complaining about Full Disclosure (not the mailing list) methods. This is more than a little ironic considering their recent covert behavior around patching the ePolicy hole.
–Chris