About this site

For six years, the Internet Nexus served as my technology blog, but I've since started blogging at the SuperSite Blog instead. If you're looking for the blog, please head there. --Paul

Wednesday, February 25, 2004

Is Open-Source Code Really Examined for Security Any More Than Closed-Source Software?

eWeak: "There's no reason to believe that closed-source companies can't do a good code review, and not a lot of reason to assume that open-source projects are getting all the code review that people think they get. Meanwhile, there isn't any official system for reviewing open-source code for security problems. It's one of those ad hoc, community arrangements ... A SecurityFocus article on the failure hints at the reasons: people don't want to volunteer to do the boring, rote parts of a real security audit. Instead, they want to find scary vulnerabilities and exploits, and then bask in the glory of having found them ... Open source doesn't make code secure, nor does closing source make it insecure."

Again, it's heart-warming to see people coming around to reality. I've been arguing this for years. There is no way Linux (or Mac OS X for that matter) is truly as secure as Windows, for the simple fact that so many fewer people use the systems and so many fewer hackers are constantly testing them. It's common sense.

Posted at 8:53 AM