2011/8/5 Matthew Finkel <matthew.fin...@gmail.com>:
> On Fri, Aug 5, 2011 at 12:05 AM, Thanasis <thana...@asyr.hopto.org> wrote:
>>
>> I noticed that chromium's code has a lot of vulnerabilities.
>> https://bugs.gentoo.org/buglist.cgi?quicksearch=www-client%2Fchromium
>> I suppose this is why we see so often version upgrades of it (and it's
>> not a small app to build).
>> Why is its code so, should I say, prone to bugs, compared to
>> other browsers?
>>
>
> Firefox isn't perfect
> either https://bugs.gentoo.org/buglist.cgi?quicksearch=www-client%2Ffirefox&list_id=337885
> I think you hit the nail on the head by saying that "it's not a small app to
> build". The more code that's written increases the chances that security
> holes will be introduced into the application.

I don't think so. It's not the raw number of source code lines which
makes it more prone to bugs. I think that a closer and more realistic
number would be the number of lines divided by the number of full-time
developers, and don't forget to put in the middle of that formula how
skilled they are. Taking that into account, chromium has a good base
since few teams on the planet will have the quantity and quality of
manpower that Google has to devote to this project.

> And as an internet browser, they're also susceptible to many more vectors of
> attack than most other packages. For chromium specifically, I haven't looked
> at the CVEs but I suspect many are for webkit and not just Chromium.
> Just my 2c.

The webkit branch in chromium is not the same as the one you can find in
any other webkit-based project. They just have a common origin, but
they are maintained separately and it is my understanding that they
have diverged enough to be considered as separate things.

-- 
Jesús Guerrero Botella
