24 Jul 2013, 7:29 a.m.
On Tue, Jul 23, 2013 at 11:08 PM, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
> Having code that's open source doesn't help at all if no-one looks at it.
It is easy to write code. Harder to write it securely. Even harder to spot your own mistakes. And unless it is written perfectly from the start, it will need to be reviewed and fixed. Yet the time to review and fix is not as free as the time spent writing it; it is often viewed as a chore, and it happens far less than open source assumes it does. Are we developed enough to begin putting together lists of the most critical libraries/tools/apps and pipelining them through a crowdfunded independent peer review program? (501c3 perhaps) Or at least put bounties on the same lists.