Calling all DEPs

Bill Campbell bill
Mon May 17 11:45:14 PDT 2004


On Fri, Mar 07, 2003 at 06:53:27PM +0800, Chong Yu Meng wrote:
>Actually, I've always had trouble buying into the "thousand eyes" 
>theory, because it assumes too much about the developer community. Call 
>me cynical, but I've seen too many instances of a really obvious problem 
>or contradiction escaping the eyes of a great many people, and I'm not 
>just talking about Linux here.

I think that the odds are much higher of getting proper fixes to open
source software than proprietary, particularly when the proprietary vendor
has a long history of ``Kindergarten Cryptographer's Mistakes'', and whose
actions have shown that security isn't the vendor's strong point.

I don't know how many times I've looked at a piece of my own code, and not
found a problem that was seen immediately when somebody took a fresh look
at it.  I've done the reverse as well.

How many times have security holes or Denial of Service vulnerabilities
shown up that affect Linux systems, and fixes have appeared in 48 hours or
less (e.g. SYN flood attacks, wu-ftpd buffer overflows, etc.)?

Bill
--
INTERNET:   bill at Celestial.COM  Bill Campbell; Celestial Software LLC
UUCP:               camco!bill  PO Box 820; 6641 E. Mercer Way
FAX:            (206) 232-9186  Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/

With Congress, every time they make a joke it's a law; and every time
they make a law it's a joke.
		-- Will Rogers
