Slashdot Mirror


Open Source Security: Still A Myth

jpkunst writes "John Viega (coauthor of a.o. Building Secure Software) argues in Open Source Security: Still A Myth at O'Reilly's onlamp.com that "open source software may currently be less secure than its commercial counterparts." According to him, there may be "more eyeballs" looking at open source software, but he does not believe those eyeballs are looking for security problems in a structured way."

4 of 502 comments

  1. Windows Service Pack 2 used the same method. by reality-bytes · · Score: 0, Troll

    And now my old man is mopping up the pieces for his customers who have broken hardware compatibilities etc.

    They obviously used the same "It works on our box so it must be fixed" approach.

    --
    Ripping a new rectum in the fabric of spacetime.
  2. Insecure languages popular in OSS community by 3770 · · Score: 0, Troll

    Take the Linux kernel as an example. It is written in C. C is a blazingly fast language and it has many advantages. But it is inherently insecure. It doesn't help the developer to prevent, for instance, buffer overrun bugs.

    Large portions of next generation Windows will be built in .net (I think, let me know if I'm wrong), and with that they are protected against buffer overruns. This is not only the case for .net, it is also true for Java (But I know of no OS development in Java).

    The open source process may be superior because of "brute force", but as long as they use computer languages that are harder to write secure applications in, they will have a disadvantage.

    --
    The Internet is full. Go Away!!!
  3. Re:Still... by LnxAddct · · Score: 0, Troll

    Whoever the hell moderated this as a troll is a biased bastard too ignorant to want to accept the truth. Everything stated in the parent post is 100% accurate and any coder knows how dependent Windows components are on each other.
    Regards,
    Steve

  4. Re:More Eyeballs by black+mariah · · Score: 0, Troll

    So you've never installed a patch for, or upgraded, Sendmail? So you're running on 20+ year old kludge code? If you're going to talk about stupid shit, be more careful.

    --
    'Standards' in computing only impress those who are impressed by things like 'standards'.