24 Jul 2013, 7:31 a.m.
Martin Rublik <martin.rublik@gmail.com> writes:
> There is a paper on discovering vulnerabilities in open source and proprietary software you might find interesting:
There's been a bunch of work done in this area; another one that springs to mind is Coverity's scan reports. The general conclusion from them is, unsurprisingly, that being open source doesn't magically make you more secure. You only find bugs (vulns) if someone looks for them, and a closed-source app that's actively analysed for vulns (because the vendor pays employees to do it) is going to be more secure than an open-source app that no one looks at because they're not motivated to. In either case the ones with the highest motivation to look are the attackers.

Peter.