[Pdx-pm] kwiki, Mediawiki, PHP, and the Dark One

chromatic chromatic at wgz.org
Thu Mar 1 22:20:03 PST 2007


On Thursday 01 March 2007 22:09, Michael G Schwern wrote:

> chromatic wrote:

> > I'm sorry, it's just that you used the phrase "code audit" with a plural
> > noun greater than maybe three people.
> >
> > http://www.onlamp.com/pub/a/security/2004/09/16/open_source_security_myths.html
>
> <rant>
> What a bitch-fest that article is.  Commercial programmers don't know jack
> about security, either.  Maybe one in a thousand will have a professional
> come in and have a look.  At least when you're doing it open you know
> you're working in front of a window.  I don't know how many times I've seen
> insecure commercial code written with the excuse that nobody will guess
> where the hole is.
> </rant>

Hey, at least with open source you have millions of people who could but don't 
look for security holes.

I'm sure not auditing the Mozilla or OO.o codebases for problems.  I fixed a 
few in Parrot though.

-- c

