LAMP Lights the OSS Security Way
Kevin Young wrote to mention a ZDNet article which goes into some detail on new results from a Department of Homeland Security initiative. It's called the 'Open Source Hardening Project', and (funded to the tune of $1.24 million) the goals of the initiative are to use a commercial tool for source code analysis to buck up the security base of many OSS projects. LAMP (the conglomeration of Linux, Apache, MySQL, and PHP/Perl/Python) was a 'winner' in the eyes of the project. From the article: "In the analysis, more than 17.5 million lines of code from 32 open-source projects were scanned. On average, 0.434 bugs per 1,000 lines of code were found, Coverity said. The LAMP stack, however, 'showed significantly better software quality,' with an average of 0.29 defects per 1,000 lines of code, the technology company said."
That's the stat I want to see....
RHCE; are you certified? Karma: ambiguous.
Oh, come on! A database that needs to be vacuumed every hour is just not a useful database! When Postgres overcomes that need, it will be useful -- not until.
RHCE; are you certified? Karma: ambiguous.
Micro$oft systems? I think M$ should open to the same analysis of Windows/IIS/MSSQL/ASP.Net to see where they stand.
I would be curious to see the results of the same evaluation on Windows Server 2k3, IIS 7.0, SQL Server 2005, and ASP.NET 2.0-- it would bring a whole new meaning to 'Giving 100%!'
If your software is any good it should be able to run on more than one DB, at least Postgres.
Actually, I'd say that if your software is any good, it won't be able to run on multiple databases. Why? If you can run the same code on multiple databases, then you're not taking advantage of any of the database-specific performance features. Heck, how do you get stored procedures to run across multiple databases? If you're calling "SELECT * FROM TABLENAME" good software because it can run on any database, then you've got some learnin' to do.
I don't respond to AC's.