Closed source more secure than open source

Trei, Peter ptrei at rsasecurity.com
Mon Jul 8 08:58:37 PDT 2002

> Bill Stewart[SMTP:bill.stewart at pobox.com]
> 
> At 06:31 PM 07/06/2002 -0700, Joseph Ashwood wrote:
> >First, closed source testing, beginning in the late Alpha testing stage, is
> >generally done without any assistance from source code, by _anyone_, this
> >significantly hampers the testing.
> 
[...]


One factor which has been ignored so far is the reputation
effect the two regimes have on the programmer, and
the implications of that on how he writes.

In virtually every Open Source project I've seen, the code
is signed. Not cryptographically - the identity of the creator
is known to anyone who chooses to look at the code.

If they know that there is a distinct possibility that a large number
of critical, intelligent, strangers are going to be looking over their
code, most programmers will make an extra effort to write well,
by the metrics their peers value. Thus, not only will the code work,
but it will be better commented, cleaner, and clearer. This leads
to fewer weak spots. You can't sweep dirt under the rug if there 
is no rug.

In an ideal world, of course, closed source programmers would
do the same, but human nature being what it is, they often don't.

With signed Open Source, every line of code becomes part of
an engineer's reputation, part of the way they are judged by
peers and potential employers.

Peter Trei
