Open Source Security: Still a Myth
Subject:   I'm Not Convinced
Date:   2004-09-17 11:55:30
From:   chromatic
Response to: An extremely flawed article

I think that to prove your case, you'd have to prove that having the source code available for people to audit actually leads to widespread audits and security fixes. Otherwise, you're arguing a point that John deliberately didn't address.

Certainly the availability of auditable code and the ability to produce patches might mean that open source code could have more people doing security audits and fixing problems before exploits appear -- but postulating that people could fix problems doesn't mean that people will or actually do.

Unrealized potential may be nice to have, but it doesn't do really do anything for you until someone puts work into realizing it.

I'm not interested in anecdotes and I'm very disinterested in comparisons between Apache and IIS or Outlook and mutt. I want real data, not handwaving.

Full Threads Oldest First

Showing messages 1 through 2 of 2.

  • I'm Not Convinced
    2004-09-17 12:17:08  McAction [View]

    I absolutely agree that potential doesn't equal action and that some hard data would be very helpful. However, there was no hard data in the article either. I used the same sort of arguments that the author used, so I guess my comments probably were lacking in value as well.

    • I'm Not Convinced
      2005-01-18 21:03:45  musnat [View]

      I think you are using open source zealtory, which has no merit at all.

      Microsoft does share its source code with governments. That means a lot to anybody who is making a decision to buy Microsoft software. Everybody knows for sure that Microsoft's software has been checked out by other people who doesn't have a common interest to cheat you, China vs US etc...

      On the other hand, we don't know who is really checking out open source. There is no formal way of knowing that.

      You have no arguments, I think, you are simply one of the thousands of open source zealots who is more than ready to lie and distort facts or come up with all sorts of nonesense.