[Pdx-pm] kwiki, Mediawiki, PHP, and the Dark One

chromatic chromatic at wgz.org
Thu Mar 1 22:20:03 PST 2007

On Thursday 01 March 2007 22:09, Michael G Schwern wrote:

> chromatic wrote:

> > I'm sorry, it's just that you used the phrase "code audit" with a plural
> > noun greater than maybe three people.
> >
> > http://www.onlamp.com/pub/a/security/2004/09/16/open_source_security_myth
> >s.html
> <rant>
> What a bitch-fest that article is.  Commercial programmers don't know jack
> about security, either.  Maybe one in a thousand will have a professional
> come in and have a look.  At least when you're doing it open you know
> you're working in front of a window.  I don't know how many times I've seen
> insecure commercial code written with the excuse that nobody will guess
> where the hole is.
> </rant>

Hey, at least with open source you have millions of people who could but don't 
look for security holes.

I'm sure not auditing the Mozilla or OO.o codebases for problems.  I fixed a 
few in Parrot though.

-- c

More information about the Pdx-pm-list mailing list