Re: Is Open Source software really more secure?
When was the last time someone looked over the entire code base of mySQL to
make sure it didn't have a trojan inside? I mean hey, theoretically, who
goes over source code? Reading other programmer's source is both painful and
difficult. It would not be hard for someone to release a oss package,
announce it on freshmeat, have it distributed to thousands of people -- and
have malicious code inside it. I mean, hey, do you always read the Makefile
to make sure it doesn't contain a line that says "rm -rf /" for "make
Just my five nickels....
From: Bud Rogers <firstname.lastname@example.org>
To: Debian Security <email@example.com>
Date: Sunday, October 08, 2000 6:13 AM
Subject: Is Open Source software really more secure?
>I've always taken for granted the idea that open source was inherently more
>secure because it's open to peer review. Linus said "Given enough eyes,
>bugs are shallow." But has anyone ever done a serious study on the
> I've seen plenty of emotional arguments and anecdotal evidence, but
>that I would consider hard evidence.
>I'm doing a paper on this topic for a graduate level class in Information
>Assurance Management. I'm looking for background material for my paper. I
>would appreciate any pointers, urls, etc.
>Bud Rogers <firstname.lastname@example.org>
>To UNSUBSCRIBE, email to email@example.com
>with a subject of "unsubscribe". Trouble? Contact