Noted "secure coder" Wietse Venema estimates that there is roughly one
security bug per 1000 lines in his source code.^1
If writing programs were a proportional matter--which it is not--that is,
if writing a program of 10'000 lines were like writing 10 programs of 1'000
lines each, one of 100'000 like 10 of 10'000, and so on; and if we say that KDE
has been written by fellows such as Venema or better only; then there should be
5000 [5'000'000 / 1'000] security bugs in KDE. [Security bugs nota bene, not
counting the other bugs.] Fellows half as good as Venema make 10'000 security
bugs [how many lines of source code for Ion?], and programmers 1/3 as good as
Venema 15'000 ... admitting the proportionality from above.
1. Mark G. Graff, Kenneth R. van Wyk, Secure Coding, Principles &
Practice, O'Reilly. [Roy: notice the general "in his source code," Venema has
not only written Postfix.]
--
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS anjing menggonggong, kafilah tetap berlalu
SSSSS . s l a c k w a r e SSSSSS the dogs are barking, the caravan moves on
SSSSS +------------ linux SSSSSS [illustrates useless protest, critic, or
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS sarcasm]