Secure Coding mailing list archives
Re: Fwd: I don't beleive open source is always the answer
From: "George W. Capehart" <gwc () acm org>
Date: Fri, 12 Dec 2003 00:28:10 +0000
On Wednesday 10 December 2003 10:21 pm, Joe Teff wrote: <snip>
The idea of taking the source and making your own change is also unrealistic. Since this list is all about security, I know everyone here would agree that any such change would require a great deal of testing. You've then just made the solution your own product to support.
<wise-acre remark> As opposed to blithely installing the latest patch from Microsoft as soon as it is available without taking it into the lab and seeing what it breaks first? </wise-acre remark> I have two thoughts: (1) Don't see that this is all that different from supporting systems that were developed from scratch in-house or for a system for which the source was purchased with the intent of implementing internal modifications. (2) Any organization that doesn't run *any* new version of software (whether it be open source, closed source or in-house developed) through a change control process and regression and stress testing before putting it into production deserves what it gets . . . "But then, I could be wrong." <Apologies to Dennis Miller> /g -- George Capehart BOFH excuse #389: /dev/clue was linked to /dev/null
Current thread:
- Fwd: I don't beleive open source is always the answer Joe Teff (Dec 11)
- Re: Fwd: I don't beleive open source is always the answer David M. Wilson (Dec 11)
- Re: Fwd: I don't beleive open source is always the answer Joe Teff (Dec 12)
- Re: Fwd: I don't beleive open source is always the answer George W. Capehart (Dec 11)
- Re: Fwd: I don't beleive open source is always the answer Martin Stricker (Dec 11)
- Re: Fwd: I don't beleive open source is always the answer der Mouse (Dec 12)
- Message not available
- Re: Fwd: I don't beleive open source is always the answer Joe Teff (Dec 12)
- Re: Fwd: I don't beleive open source is always the answer David M. Wilson (Dec 11)