I've always taken for granted the idea that open source was inherently more secure because it's open to peer review. Linus said "Given enough eyes, all bugs are shallow." But has anyone ever done a serious study on the subject? I've seen plenty of emotional arguments and anecdotal evidence, but nothing that I would consider hard evidence.
I'm doing a paper on this topic for a graduate level class in Information Assurance Management. I'm looking for background material for my paper. I would appreciate any pointers, urls, etc. -- Bud Rogers <[EMAIL PROTECTED]>
