EarthWeb: Thoughts on Java and Open Source Security
Feb 04, 2001, 14:16
(Other stories by Thomas Gutschmidt)
"Java has been historically lucky in the open source field. Sun has been committed to community and industry participation since Java's inception, and by opening up source code Sun has helped to foster innovation and customizing -- including security. This has cultivated a large collection of extensions and other multiple open source Java projects. However, critics of open source have strong opinions about the security of the software. Their arguments usually fall under one of two categories: Developer trust and secrecy."
"Simply put, the critics do not trust the developers. The concern is whether the open source code is developed with any regard to tracking, accountability, or control. There are no guarantees that any of the programmers are experts in their field, and critics wonder who exactly has had a chance to look at the source code, and whether anyone has actually invested any time or effort. They wonder what will happen when bugs and holes are found in the product, and whether there will be any accountability. They worry about the lack of documentation and official support. They may even suspect developers of being hackers planting software with exploitable holes."
"The rebuttal is that open source may instead contribute to developer quality. How efficient can code review be within a closed circle? And how efficient is a review if there is only a small team of developers?"