Gnu PG is more Safe?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Jul 24 00:31:20 PDT 2013


Martin Rublik <martin.rublik at gmail.com> writes:

>There is a paper on discovering vulnerabilities in open source and
>proprietary software you might find interesting:

There's been a bunch of work done in this area, another one that springs to
mind is Coverity's scan reports.  The general conclusion from them is,
unsurprisingly, that being open source doesn't magically make you more secure.
You only find bugs (vulns) if someone looks for them, and a closed-source app
that's actively analysed for vulns (because the vendor pays employees to do
it) is going to be more secure than an open-source app that no-one looks at
because they're not motivated to.  In either case the ones with the highest
motivation to look are the attackers.

Peter.