Excalibur, on 10 April 2012 - 09:11 PM, said:
The statement "Open source simply makes it easier for would-be miscreants to identify and exploit vulnerabilities." is a physically indisputable fact. And, saying that does not speak to any other characteristic relating to source code and how it is maintained.
And, since it is less physically secure than is open source code, it cannot be inherently more secure.
Conflating the nature of the code and how it is maintained is to ignore a distinction with an important difference.
I would like to make mention of a recent heavy hitter here. First, a source
Now the opening quote:
Linux developers have issued a critical update for the open-source OS after researchers uncovered a vulnerability in its kernel that puts most versions built in the past eight years at risk of complete takeover.
Read the rest if you will. Here is the Reader's Digest version:
There was a security hole in the Linux kernel itself. This hole allowed for root level access on any machine running a Linux kernel released during that EIGHT YEAR time span. This is not a small problem, nor a simple regression.
The LINUX COMMUNITY found the hole and determined there was a serious problem. Then they fixed it. NOT EVEN ONCE has there been a known attack using that vulnerability. So the question is, was the community protected by the community? OR are the crackers too lazy to read the code for 8 years?
You decide how you want to view this. The way I see it, the Community stumbled upon something, and took care of it. This isn't like the MICROSOFT 8-year-long vulnerability that was not only exploited, but actually KNOWN to them for that entire run!