SecurityFocus 2000-09-04
Last month's Brown Orifice program opened a backdoor to an insecure future. Can open source save the day?
"All bugs are shallow" is a delusion of Open Source Arguments
2000-09-08
peter (at) smalltalk (dot) org [email concealed]

Furthermore, it is a myth that OS software is more secure.
In fact, if I as a hypothetical cracker want to break into a system,
I would of course try to use an unknown exploit.
So if I can get my hands on the sources for a system, I would
analyse them primarily to break into it and not to
post the exploit.
Also, Raymond is simply wrong if he claims Brooks' Law would
not hold for OS development.
In OS development the situation is even worse! Make the test:
watch how many check out from a CVS archive, and how many
check in.
Watch the changes and contributions they make.
You see that most OS development projects have a ridiculously
low performance in terms of LOC per programmer or LOC per
month.
If you go to sourceforge.net and randomly pick OS-developed
projects, you find ridiculously high bug rates.
Please do not conclude that I'm against OS :-) But most
of what is written about it, even by coryphaei like ESR, is
simply wrong or at least unproved, and there are no investigations
or numbers which prove any claim made.
Regards,
angel'o'sphere
Link to this comment: http://www.securityfocus.com/comments/articles/80/3318#3318