Open Source Security: Still a Myth
Subject:   a little editing --
Date:   2004-09-17 18:20:48
From:   joelrees
Response to: a little editing --

Separating the edit from the critique, I think the error reflects the fuzziness of the approach. It seems to me that the author, recognizing that the many eyes argument shifts in quality for the small audience projects, but not thinking through.

As one reply has already noted, at the very minimum, open source offers more potential for external audit than closed source. Closed source contains inherent barriers to external audit. Just like with voting machines, it is the external audit that allows for real engineering audits to begin.

One more pet peeve: commercial vs. open source is a false argument. Large audience open source is without exception commercial.