Maker tech hub — AI · 3D print · Pi · ESP32 · plus the classic tech archive.

Free ESP32 kit · Books · Network Ninja · Archive

Classic tech archive. From the original averyjparker.com tech blog — historical context; pair with modern guides where noted. Full archive · Maker projects · Network Ninja

Classic tip · Classic

The "secure software" dilemma

It's quite a dilemma when a software product is billed as more secure than another.... several days back when Mozilla Firefox released v. 1.5.0.4 which fixed a number of security issues, I saw someon…

Written by

Avery J. Parker

IT veteran, maker educator, and author of Network Ninja, 3D Printing Mastery, and AI Workflow Mastery. Business IT: Diversified Tech Solutions.

It's quite a dilemma when a software product is billed as more secure than another.... several days back when Mozilla Firefox released v. 1.5.0.4 which fixed a number of security issues, I saw someone comment "I thought firefox was supposed to be secure." I think there's a misunderstanding when it comes to software. I think the misunderstanding is that one piece of software can be secure and another not. Out of the box. Let's take a stab at clarifying.... Security is not a product, it's not a feature, it's a way of doing things. Along those lines....


Someone points out that linux is insecure. The point is very good, well taken and well done. The writer drives home the point by using cars as analogy. They say, linux is more secure than windows, (from the article) "If we were talking cars, Linux would be a Volvo S80 and Windows would be a Ford "Hit here to blow up" Pinto."

The point though is that ANY car can be involved in a wreck, so a "secure" car doesn't immunize you against a wreck. Driving practices CAN protect against a wreck though. The same is true with computers, secure PRACTICES can prevent security breaches. The same is true in the development of software such as firefox. Being responsive to security disclosures is one way that a software product can be considered "more secure" than another. From what I've seen, mozilla seems to be fairly responsive when they're advised of security issues with firefox. I've seen anectdotal reports of a very sluggish response at Microsoft with similar issues. Some areas of the web seem to be filled with stories of "I reported xyz vulnerability to Microsoft xxxx months ago and they're still investigating, so I'm disclosing publicly to "increase pressure" on them to react".

Just because software is considered more secure, it's not bullet proof, it will need updates and other safe working habits.