Shea, Brian A wrote:
> Isn't the base problem residing in this essentially flawed statement:
> "Widely deployed open source software is commonly believed to contain
> fewer security vulnerabilities than similar closed source software due
> to the possibility of unrestricted third party source code auditing."
> To have fewer bugs due to an external audit, that external audit would
> have to happen, not just be possible. Assuming fewer bugs because an
> audit COULD happen is like saying we're all infected with Bird Flu
> because it COULD happen.
Not necessarily. Just the threat of public embarrassment ("lookit the
crappy code that John Doe wrote! <snigger>") could cause open source
developers to be more disciplined in the first place. This hypothesis
has been around for quite some time as part of the "open source is
better" hype.
However, it is also unsubstantiated.
Crispin
--
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
CTO, Immunix http://immunix.com