Re: [SC-L] Economics of Software Vulnerabilities

2007-03-23 Thread security curmudgeon
On Wed, 21 Mar 2007, Steven M. Christey wrote:

: With rare exceptions, in general, I do not find that the
: open source community is that much more security conscious
: than those producing closed source. Certainly this seems true
: if measured in terms of vulnerabilities and we measure

Re: [SC-L] Economics of Software Vulnerabilities

2007-03-23 Thread David A. Wheeler
On Wed, 21 Mar 2007, Steven M. Christey wrote:

: With rare exceptions, in general, I do not find that the
: open source community is that much more security conscious
: than those producing closed source. Certainly this seems true
: if measured in terms of vulnerabilities and we

Re: [SC-L] Economics of Software Vulnerabilities

2007-03-23 Thread Gunnar Peterson
Just because people can look at a project in detail, doesn't mean they will. More to the point, just because people can, doesn't mean code auditing gurus will look at it. And sometimes, when they do look they get booted out of the project

http://www.heise-security.co.uk/news/82500

-gp