I took the liberty of changing the subject line to something that hopefully somewhat summarises your email.
Quoth Arnaud Legout:

> As polemical as it can be, deeply-held belief such as "I will always
> go for open source code because its security will
> be much higher than any closed source counterparts" should be
> seriously reconsidered
> when there is not a strong community of developers working on code
> maintenance.

There is a lot of shitty code around. That has always been the case, and will always be so. Anyone who has used the OpenSSL codebase or looked at it even briefly has seen that it's shitty years ago, and probably won't have been too surprised by the recent Heartbleed bug.

Strong code can and does come out of small teams, including those of one or two people.

I would recommend rather than judging the quality of a project by whether there is a "strong community of developers" or how the project is financially backed, you take a few minutes to look at the state of the source code. That isn't a deep audit, of course, but can give you a sense for the tastes and cares of the people behind the code.

Needless to say proprietary code which forbids such examination should be avoided, for this and other good reasons.

--
Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
