FYI, there's an interesting opinion article in Business Week by Coverity's CTO, Ben Chelf (see link below). In it, he discusses the results of their scanning of a significant sampling of both open- and closed-source projects. Chelf compares some special purpose proprietary software security/quality with the best of what's out in the open source world. Further, he opines that the open source guys need to adopt far more rigorous QA testing in order to compete with the best of the proprietary source world. I'm passing this along not to launch into the invariable religious debates of closed- vs. open-source, but to encourage discussion about Chelf's claims with regards to rigorous QA testing. Anyway, here's the article. |
PGP.sig
Description: This is a digitally signed message part
_______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php
