On 23/10/14 11:36, Mohan Sundaram wrote:
> On Thu, Oct 23, 2014 at 3:53 PM, Shakthi Kannan <[email protected]> wrote:
>> What F/OSS claims is that the source code is available for anyone to
>> try out. Even if there are bugs, people can find it and fix it, and
>> anyone can *verify* the same.
> Yes. This is the premise that also alludes that FOSS would mature
> faster to being vulnerability free than a closed source product. The
> caveat is that that must be a popular and often used software.
>
> SSL and Bash satisfy both these criteria but still had serious
> vulnerabilities. Such vulnerabilities lead me to think that a hybrid
> model would possibly work better.
>
> a) Develop fast, release fast and mature fast as proposed by ESR for
> non-foundation software.
> b) A more focussed QA by a dedicated team like what Theo practices for
> OpenBSD for core platform components which also means feature
> inclusion will be slow but measured.

I have been thinking along very similar lines - but my approach so far has been around creating a FOSS QA project that looks at other projects independently.
I know Google are doing something in this vein, but I am not sure they are particularly independent when it comes to government agencies.

_______________________________________________
ILUGC Mailing List:
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
ILUGC Mailing List Guidelines:
http://ilugc.in/mailinglist-guidelines
