: application vulnerable or is really just a "ruckus" issue? Part of
: me thinks that b/c the code is freely available, people could find
: the security issues anyway, so we aren't really protecting ourselves
: anyway by denying access.

Personally I agree ... if the source is free, all exposing vulnerabilities to the public can do is give more people the power to submit patches. Anyone truly nefarious can run FindBugs (or purchase copies of the Fortify commercial analysis applications) on the source code directly and get the same information.

Then again: my involvement with "high profile" open source projects is relatively short-lived ... there may very well be a lot of 'old timers' with horror stories of past experiences that demonstrate why some aspects of Open Source projects need to be less open than others to protect the user base.

-Hoss