Comment by DenisM

2 years ago

> it turns out that more people having access to the source code makes it more secure.

The OpenSSL debacle kinda disproved that point, didn’t it?

And just looking up the Linux CVE list https://www.cvedetails.com/vulnerability-list/vendor_id-33/p...

Imho, at the end of the day, open source vs closed doesn’t matter for the number/severity of security issues and ends up just being ideological posturing. The bugs exist for a variety of other reasons and tend to have the same root causes attached.

OSS has other considerations though around security. Flaws may be easier to identify and either exploit or fix. Flaw fixing is trickier though because you need to do it in such a way as to not advertise it to the world either before it’s sufficiently deployed.

How so? You need to quantify it; e.g., something like number of bugs found per year per LOC.