RE: Closed source more secure than open source
Bill Stewart[SMTP:bill.stewart@pobox.com]
At 06:31 PM 07/06/2002 -0700, Joseph Ashwood wrote:
First, closed source testing, beginning in the late Alpha testing stage, is generally done without any assistance from source code, by _anyone_; this significantly hampers the testing.
[...]

One factor which has been ignored so far is the reputation effect the two regimes have on the programmer, and the implications of that on how he writes.

In virtually every Open Source project I've seen, the code is signed. Not cryptographically - the identity of the creator is known to anyone who chooses to look at the code. If they know that there is a distinct possibility that a large number of critical, intelligent strangers are going to be looking over their code, most programmers will make an extra effort to write well, by the metrics their peers value. Thus, not only will the code work, but it will be better commented, cleaner, and clearer. This leads to fewer weak spots. You can't sweep dirt under the rug if there is no rug.

In an ideal world, of course, closed source programmers would do the same, but human nature being what it is, they often don't. With signed Open Source, every line of code becomes part of an engineer's reputation, part of the way they are judged by peers and potential employers.

Peter Trei