Re: [SC-L] Open Source Code Contains Security Holes -- Open Source -- InformationWeek

2008-01-10 Thread Steven M. Christey
Another question is how many of the reported bugs wound up being false positives. Through casual conversations with some vendor (I forget whom), it became clear that the massive number of reported issues was very time-consuming to deal with, and not always productive. Of course this is no surpri

Re: [SC-L] Open Source Code Contains Security Holes -- Open Source -- InformationWeek

2008-01-10 Thread Gary McGraw
Good points, Ken. I lurk on a top-secret open source list that has been discussing this since New Year's. I posted an entry on Justice League with my partially formed opinion: http://www.cigital.com/justiceleague/2008/01/09/on-open-source/ I have also written a longer piece, which will be posted