[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Is Open Source software really more secure?

When was the last time someone looked over the entire code base of mySQL to
make sure it didn't have a trojan inside? I mean hey, theoretically, who
goes over source code? Reading other programmer's source is both painful and
difficult. It would not be hard for someone to release a oss package,
announce it on freshmeat, have it distributed to thousands of people -- and
have malicious code inside it. I mean, hey, do you always read the Makefile
to make sure it doesn't contain a line that says "rm -rf /" for "make

Just my five nickels....

Paul Lowe

-----Original Message-----
From: Bud Rogers <budr@sirinet.net>
To: Debian Security <debian-security@lists.debian.org>
Date: Sunday, October 08, 2000 6:13 AM
Subject: Is Open Source software really more secure?

>I've always taken for granted the idea that open source was inherently more
>secure because it's open to peer review.  Linus said "Given enough eyes,
>bugs are shallow."  But has anyone ever done a serious study on the
> I've seen plenty of emotional arguments and anecdotal evidence, but
>that I would consider hard evidence.
>I'm doing a paper on this topic for a graduate level class in Information
>Assurance Management.  I'm looking for background material for my paper.  I
>would appreciate any pointers, urls, etc.
>Bud Rogers <budr@sirinet.net>
>To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
>with a subject of "unsubscribe". Trouble? Contact

Reply to: