It's all about auditing. The more people who can look at the code, the more who can find AND FIX any bugs. And the bugs do get fixed. For historical evidence of that, look at how quickly the Linux kernel was fixed when the "teardrop" bug was revealed. It took Windows much longer to release a patch. There are probably more recent examples, but that's the first one that comes to mind that affected both open and closed source software. This is the exact same reason that professional software developers have code reviews. Many eyes make all problems simple.

Scott

Michael Long said:
Hi,
During a discussion with an application architect, while troubleshooting SQL Server's "security" behavior, he asked how an application can be more secure when anyone can view the security related code. I thought this was self evident, but I guess it is not. I was wondering how others would answer this question?
Thanks, Mike