Comments on: Thoughts about OpenOffice

By: Iang

Iang — Fri, 18 Aug 2006 09:05:02 +0000

There are security projects and then there are projects that talk about security. In the former group are projects like BSDs/SSH. In the latter camp are things like general user tools. In this case OO, MO, and also e.g., browsers.

The projects that aren’t security are often seduced into talking about security, and soon get themselves in a mess. It’s important to understand that these projects do not have security as a goal; and unless and until they decide and positively elect to take on security as a goal, they are doing what we might characterise as a middle-order, reactive form of security. That is, fixing bugs and trying not to slow down the good work in other areas too much.

We are talking about … the office and what users do there. In this sense, the reports just indicate furious agreement that these projects are not security projects, and won’t pass muster if treated as security projects.

By: Chris

Chris — Thu, 17 Aug 2006 21:29:18 +0000

OO could very well be less secure than MSO, but I will continue to use OO all the time it is the minority player in the Office Marketplace.
MSO and OO are only as dangerous as the people using and abusing them.
I have both MSO and OO, but prefer OO for reasons such as stability and cost, not for security.
Any lack of faith in the security of OO is nothing to do with the fact it is OpenSource. Far from it.
Mine is from a pure security aspect. If you swapped all users with MSO over to OO, and all the OO users to MSO, OO would become the tartget of the hackers. OO would suddenly have a user base more capable of finding the issues that usually remain hidden, (no matter how good you think the test coverage is, give a million monkeys a Moveable Type installation and you’ll have the complete works of Shakespeare in a week or so).
I’d prefer to remain security conscious no matter what I am using…