FrMoD-Aug

Draft of points in and concerning the misuse of the [French Ministry of Defence's Report on OpenOffice] which has been used in a recent FUD campaign.

some of the vulnerabilities were fixed before the even the MoD's draft was ready, short turn around time for F/OSS patches (note: MS tries to cook the numbers on this by confusing the dates. date vulnerability implemented, date vulnerability found by black hats, by white hats, reported, admitted by vendor, patch announced, patch issued, working patch issued)

Below are items ripped from the discussion list and worth smoothing into this document

from Sophie: Malte has make a comment on their first meeting on his blog : http://blogs.sun.com/roller/page/malte?entry=french_department_of_defense_da mns

from Erwin

• Yes, ZIP and XML are open techniques which make it easy for someone

 to include malicious elements. However, the transparent nature of
 these technologies also make it easy to detect malicious elements.

 It's like with open source in general. Yes, on the one hand the
 availability of source code makes it easier to identify and exploit
 security holes. However, for the same reasons issues can be
 identified and fixed faster.

• Mr. Filiol was impressed by the fast response from the OpenOffice.org

 including Sun Microsystems. There is a very positive quote in the
 report!

• We're happy about the external security audits by organizations like

 the ESAT, because the feedback helps to develop a very secure office
 productivity solution.

• Due to the availability of the source code, companies and government

 organizations can help developing new security features and concepts.