One of the long-standing concerns about Open Source Software is security. Proponents counter that because hundreds of independent developers see the code before it is released, they can find and eliminate security holes before the software ships.
eWeek has a good analysis of why this may be a false sense of security in its 9/30/02 cover story. Right now it's at http://www.eweek.com/article2/0,3959,562220,00.asp
Reading someone else's code closely enough to spot a problem can be nearly impossible, and in the current climate code can be a petri dish for problems. Here's an example.
A few years ago a Japanese company, I think a transportation company, hired a firm to build some custom apps for them. The firm completed the job and things worked fine. But it had put in code that was essentially a time bomb. The programmers were actually technically skilled terrorists posing as an IT shop, and they were able to cause a great deal of damage and even some loss of life.
So the Open Source world can give you lots of eyeballs to spot something like that, but it doesn't offer the accountability of a company like Microsoft. It's a tradeoff.
4:12:14 PM