Lately, there have been a lot of comparisons between the security vulnerabilities of the competing server platforms IIS by Microsoft and the open source Apache. At Apachecon 2005, Opening Move's Scott Mace caught up with Ben Laurie, Director of Security for the Apache Foundation and this very question was addressed. They also discuss many of the issues about security facing the Apache Foundation.
Since Apache is part of a standard set of server tools, known as LAMP (Linux, Apache, mySQL and PHP), some security vulnerabilities that are attributed to Apache are actually inherent in other applications. However, Laurie points out that Apache is built with security as a main concern, rather than an added component. He argues that the combination of security at the core along with diligent bug fixes make Apache a secure solution.
This talk starts with an overview of the Apache vs. Microsoft controversy, and some accessible explanations about the development of Apache. In the second half, Laurie delves more deeply into specifics about Apache, SSL, TLS and other security issues.
Ben Laurie is the Director of Security for the Apache Foundation, author of Apache-SSL and he is The Bunker Secure Hosting Ltdâ€™s Director of Security.
Ben is generally acknowledged as one of the foremost experts in security in the country. He is the author of Apache-SSL, the global number one open source secure internet web server, and is a core team member of OpenSSL, the worldâ€™s most widely used cryptographic library. He is co-author of Apache: The Definitive Guide, is a founding Director of Apache Software Foundation (ASF) and the Head of the ASF Security Team.
Ben is obsessed with security and privacy, particularly on the internet, and always leads by example by putting the emphasis on security and encryption in all his product development.
This free podcast is from our Opening Move series.