24 Jul 2013, 4:16 p.m.
On Wed, Jul 24, 2013 at 07:31:20PM +1200, Peter Gutmann wrote:
> unsurprisingly, that being open source doesn't magically make you more secure. You only find bugs (vulns) if someone looks for them, and a closed-source app that's actively analysed for vulns (because the vendor pays employees to do it) is going to be more secure than an open-source app that no-one looks at because they're not motivated to.
Of course open source isn't magic pixie dust, but neither is most commercial software very well analyzed. There are exceptions, but most commercial software that I have direct experience with is lacking the "active analysis" by people who are qualified and motivated to find bugs.

-andy