Open Source Security: Still a Myth
Subject:   I'm Not Convinced
Date:   2004-09-17 11:55:30
From:   chromatic
Response to: An extremely flawed article

I think that to prove your case, you'd have to prove that having the source code available for people to audit actually leads to widespread audits and security fixes. Otherwise, you're arguing a point that John deliberately didn't address.

Certainly the availability of auditable code and the ability to produce patches might mean that open source code could have more people doing security audits and fixing problems before exploits appear -- but postulating that people could fix problems doesn't mean that people will or actually do.

Unrealized potential may be nice to have, but it doesn't really do anything for you until someone puts work into realizing it.

I'm not interested in anecdotes and I'm very disinterested in comparisons between Apache and IIS or Outlook and mutt. I want real data, not handwaving.
