
Interview With Gary McGraw
Co-Author of Exploiting Software and CTO of Cigital

From Tony Bradley, CISSP-ISSAP, for About.com

TB (Tony Bradley): Do you agree with the philosophy that the Internet might be more secure if users would migrate en masse to open source platforms and tools? Do you believe open source software is inherently more secure?

GM (Gary McGraw): Not at all. Open source is NOT more secure than proprietary software. Nor is the open source philosophy more conducive to producing secure code. In fact, economics are on the side of proprietary software vendors who can pay people to carry out security analysis. In the end software is software, and we need to work on it all.

Some good work has been published on this issue. I encourage you to check out the Proceedings of the IEEE Security and Privacy conference (Oakland) from 1999 for a number of good papers showing why this is really a red herring issue.

TB (Tony Bradley): What security products do you use: firewall? Antivirus? Etc.

GM (Gary McGraw): At work we have all the usual network security apparatus. We use crypto for protecting critical documents. We have a firewall with VPN capability. We have AV software. And so on. But more importantly, we help other companies implement software security programs, and we do analysis on software for customers all the time.

At home I have AV and a personal firewall set up. We have satellite-based internet there too, so the network is not really standard issue, making security fun.

Some final words…we all need to begin working on the software security problem, no matter what our role is. Management needs to understand that it is feasible and can be created cost effectively, developers need to know how to attain it, and consumers need to know that it is OK to expect and demand it! If you want to find out what happens when people don’t build secure software, read Exploiting Software.
