Slash Boxes
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
More | Login | Reply
Loading... please wait.
  • Most of those active in the open source world, and many in the security world, believe this. However, the vast majority of people do not look at the source, and so you don't really have those many eyes. Even someone like me - technically competent, paranoid about security - doesn't really look hard at code. I rely on fora like bugtraq and full-disclosure, and lots of monitoring and logging, to alert me to security problems. If an app I want to use is buggy, I'm more likely to delete it and try something else than to read the code to see what's wrong.

    I read a paper recently (sorry, I forget who by, what it was called, or where it was published, but it was a reputable journal) which basically said that it didn't make much difference to the bugginess of a major release whether software was closed source or open source. But it then went on to say that open source developers tended to fix their bugs quicker once they were reported.