<snip>

> 2. A commercial company providing with liability (and responsibility)
> for the software you use (in other words - someone to blame).

What commercial software company actually offers guarantees and some form of liability? I've *never* heard of anyone successfully suing MS or Oracle or anyone else for their software screwing up. SAYING you can blame Microsoft is one thing -- doing it (other than pointing fingers) is another.

> 3. No source available for people to examine, thus making it, to a
> level, harder to locate security "holes" - for outsiders in any case.
>
> Gadi Evron (i.e. ge),
> [EMAIL PROTECTED]
>

You mean like the backdoor inserted -- by company programmers -- into Borland's/Inprise's Interbase database? The one that wasn't discovered until the program was open sourced - several YEARS later? Yes, it had been exploited for YEARS by the hacking community.

Putting it bluntly, auditing takes time and skill. Closed source companies' main priority is NOT stability and security, but "good enough" so they can sell more software. Dedicating programmers to do nothing but fix bugs is a waste of company resources, after that "good enough" line is crossed.

At least with open source I have the option of either fixing little bugs myself, or paying someone to do it. With closed source, my business is at the mercy of the software company.

Charles E. Hill
Senior Partner
Herber-Hill LLC

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
