Re: Is Open Source software really more secure?
When was the last time someone looked over the entire code base of MySQL to
make sure it didn't have a trojan inside? I mean hey, theoretically, who
goes over source code? Reading other programmers' source is both painful and
difficult. It would not be hard for someone to release an OSS package,
announce it on freshmeat, have it distributed to thousands of people -- and
have malicious code inside it. I mean, hey, do you always read the Makefile
to make sure it doesn't contain a line that says "rm -rf /" for "make
install"?
Just my five nickels....
Paul Lowe
paul@ulink.net
-----Original Message-----
From: Bud Rogers <budr@sirinet.net>
To: Debian Security <debian-security@lists.debian.org>
Date: Sunday, October 08, 2000 6:13 AM
Subject: Is Open Source software really more secure?
>I've always taken for granted the idea that open source was inherently more
>secure because it's open to peer review. Linus said "Given enough eyes, all
>bugs are shallow." But has anyone ever done a serious study on the subject?
>I've seen plenty of emotional arguments and anecdotal evidence, but nothing
>that I would consider hard evidence.
>
>I'm doing a paper on this topic for a graduate level class in Information
>Assurance Management. I'm looking for background material for my paper. I
>would appreciate any pointers, urls, etc.
>
>--
>Bud Rogers <budr@sirinet.net>