On 8/19/2014 1:02 AM, Andrew White wrote:
> With enough eyeballs looking at the code all bugs are shallow. I think
> Elecraft could benefit from an extra 100 pair of eyes looking at the
> problems at no cost contributing an average of 100 hours a week at it.
> Could you imagine what kind of quagmire that could result in? A better
> product no less!

Once upon a time, this was the argument behind all open source projects -- everyone is looking at the code, therefore every security hole will be seen as part of this massively parallel but highly informal code review.

If you want to see the truth, look at all of the websites out there that have been hacked because they're running some kind of open source framework. Those sites usually used someone's open source upload component, but no one did a code-review for security issues before adopting the component(s) in question.

That's because people do not read code for pleasure, nor do they find great joy in smashing bugs. They just use what they need, and do enough to get what they want.

Closed-source isn't the solution, but neither is open-source.

73 -- Lynn
______________________________________________________________
Elecraft mailing list
Home: http://mailman.qth.net/mailman/listinfo/elecraft
Help: http://mailman.qth.net/mmfaq.htm
Post: mailto:Elecraft@mailman.qth.net