Secure Coding mailing list archives
Re: [Fwd: DJB's students release 44 *nix software vulnerability advisories]
From: Crispin Cowan <crispin () immunix com>
Date: Wed, 22 Dec 2004 00:36:37 +0000
Shea, Brian A wrote:

> Isn't the base problem residing in this essentially flawed statement:
>
> "Widely deployed open source software is commonly believed to contain fewer security vulnerabilities than similar closed source software due to the possibility of unrestricted third party source code auditing."
>
> To have fewer bugs due to an external audit, that external audit would have to happen, not just be possible. Assuming fewer bugs because an Audit COULD happen is like saying we're all infected with Bird Flu because it COULD happen.

Not necessarily. Just the threat of public embarrassment ("lookit the crappy code that Jone DOe wrote! <snigger>") could cause open source developers to be more disciplined in the first place.

This hypothesis has been around for quite some time as part of the "open source is better" hype. However, it is also unsubstantiated.

Crispin

--
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
CTO, Immunix http://immunix.com