[Pdx-pm] kwiki, Mediawiki, PHP, and the Dark One
chromatic at wgz.org
Thu Mar 1 22:20:03 PST 2007
On Thursday 01 March 2007 22:09, Michael G Schwern wrote:
> chromatic wrote:
> > I'm sorry, it's just that you used the phrase "code audit" with a plural
> > noun greater than maybe three people.
> > http://www.onlamp.com/pub/a/security/2004/09/16/open_source_security_myth
> What a bitch-fest that article is. Commercial programmers don't know jack
> about security, either. Maybe one in a thousand will have a professional
> come in and have a look. At least when you're doing it open you know
> you're working in front of a window. I don't know how many times I've seen
> insecure commercial code written with the excuse that nobody will guess
> where the hole is.

Hey, at least with open source you have millions of people who could but don't
look for security holes.

I'm sure not auditing the Mozilla or OO.o codebases for problems. I fixed a
few in Parrot though.