On Thu, Oct 23, 2014 at 3:53 PM, Shakthi Kannan <[email protected]> wrote:
> What F/OSS claims is that the source code is available for anyone to
> try out. Even if there are bugs, people can find them and fix them, and
> anyone can *verify* the same.

Yes. This is the premise that also alludes that FOSS would mature faster to being vulnerability free than a closed source product. The caveat is that it must be popular and often-used software. SSL and Bash satisfy both these criteria but still had serious vulnerabilities.

Such vulnerabilities lead me to think that a hybrid model would possibly work better.

a) Develop fast, release fast and mature fast as proposed by ESR for non-foundation software.
b) A more focussed QA by a dedicated team like what Theo practices for OpenBSD for core platform components, which also means feature inclusion will be slow but measured.

--
Mohan Sundaram
