[Elecraft] Elecraft Digest, Vol 124, Issue 11
Lynn W. Taylor, WB6UUT
KX3 at ColdRocksHotBrooms.com
Tue Aug 19 11:57:47 EDT 2014
On 8/19/2014 1:02 AM, Andrew White wrote:
> With enough eyeballs looking at the code all bugs are shallow. I think
> Elecraft could benefit from an extra 100 pairs of eyes looking at the
> problems at no cost contributing an average of 100 hours a week at it.
> Could you imagine what kind of quagmire that could result in? A better
> product no less!

Once upon a time, this was the argument behind all open source projects
-- everyone is looking at the code, therefore every security hole will
be seen as part of this massively parallel but highly informal code review.

If you want to see the truth, look at all of the websites out there that
have been hacked because they're running some kind of open source
framework. Those sites usually used someone's open source upload
component, but no one did a code-review for security issues before
adopting the component(s) in question.

That's because people do not read code for pleasure, nor do they find
great joy in smashing bugs. They just use what they need, and do enough
to get what they want.

Closed-source isn't the solution, but neither is open-source.

73 -- Lynn