Gnu PG is more Safe ?
Andy Isaacson
adi at hexapodia.org
Wed Jul 24 09:16:27 PDT 2013
On Wed, Jul 24, 2013 at 07:31:20PM +1200, Peter Gutmann wrote:
> unsurprisingly, that being open source doesn't magically make you more secure.
> You only find bugs (vulns) if someone looks for them, and a closed-source app
> that's actively analysed for vulns (because the vendor pays employees to do
> it) is going to be more secure than an open-source app that no-one looks at
> because they're not motivated to.
Of course open source isn't magic pixie dust, but neither is most
commercial software very well analyzed. There are exceptions, but most
commercial software that I have direct experience with is lacking the
"active analysis" by people who are qualified and motivated to find
bugs.
-andy
More information about the cypherpunks
mailing list