Dealing with security in an open source environment is very different from what you do in a closed source project. Using examples of security vulnerabilities and enhancements of the past couple of years, this talk will discuss the advantages and disadvantages of open source when it comes to implementing and enforcing security, and dealing with vulnerabilities.

Of course, the central focus will be on successes (and failures) of various projects and applications used on Linux, but I will also cover a few examples of closed source projects I encountered.

Finally, I will also discuss some strategies for dealing with security vulnerabilities, managing the publicity resulting from them, and the politics sometimes involved in this.

The author got hooked on Linux around the time 0.96c was released, despite having to sell his Atari and buy a huge shoe-box shaped thing containing an Intel processor, an ISA bus, and several cards that would act strangely when inserted into the wrong ISA slot. He never looked back, though.

He's the author of the Linux Network Administrator's Guide, and wrote large parts of the Linux NFS implementation. Olaf got involved in Linux security in 1995, and has been ever since. He was Security Officer while working for LST and Caldera for 5 1/2 years, and recently joined SuSE, where he is involved in the security team.