Linux Today: Linux News On Internet Time.

SecurityFocus.com: Redmond's security response chief warns RSA Conf. of the perils of open source.

Apr 13, 2001, 13:45 (39 Talkback[s])
(Other stories by Kevin Poulsen)

[ Thanks to Steen Kroyer for this link. ]

"The head of Microsoft's security response team argued here Thursday that closed source software is more secure than open source projects, in part because nobody's reviewing open source code for security flaws."

"Review is boring and time consuming, and it's hard," said Steve Lipner, manager of Microsoft's security response center. "Simply putting the source code out there and telling folks 'here it is' doesn't provide any assurance or degree of likelihood that the review will occur."

"The comments, delivered at the 2001 RSA Conference, were a challenge to one of the tenets of open source, that 'with many eyes, all bugs are shallow.'"
