eWeek: Is Open-Source Code Really Examined for Security Any More Than Closed-Source?
Feb 24, 2004, 22:00
(Other stories by Larry Seltzer)
[ Thanks to Jason Greenwood for this link. ]
"The usually simmering open source vs. closed source debate
boiled over recently following the leak of Windows source code on
the Internet. And it boiled over here too.
"Some 95 percent of the response to my column on the Windows
source code leak and what it might indicate about the value of
closed-source code as a security technique said that I didn't get
the point: Since open source is open, it gets a better code review.
Anyone can get the source, look at it and find problems in it.
"Inherent in this argument is the assumption that closed-source
projects don't get code reviews, or at least that they get inferior
ones. I'm not so sure this is true. In fact, there's no reason to
believe that closed-source companies can't do a good code review,
and not a lot of reason to assume that open-source projects are
getting all the code review that people think they get..."