
[SOLVED] Open Source Security: ZDNet Whiteboard Video



altonbr
May 28th, 2007, 01:03 AM
http://news.zdnet.com/2036-2_22-6069781.html

Does anyone have any information to back up his theory, because he didn't articulate it too well in that video...

starcraft.man
May 28th, 2007, 01:26 AM
http://news.zdnet.com/2036-2_22-6069781.html

Does anyone have any information to back up his theory, because he didn't articulate it too well in that video...

Uh, right... I've heard people dismiss the "many eyeball theory", as he puts it, before. And in a way he is right: just because millions of people CAN look at the source code doesn't mean they DO. There is a difference. However, I'd say open source is a heck of a lot more secure than closed proprietary code. There is one good reason I can think of.

Closed proprietary developers are usually in it to make money, and to make money people have to have confidence in the product. Thus, making money is usually more important to them than making their product secure. Thus, they might find a problem and know about it and sit on it for months (maybe even years) because it could cost them a fortune to recode the error, and it would make them seem to be insecure (thus losing confidence in its user base if it were exposed to the public). A good example was Microsoft's response to the ANI exploit in XP and Vista (yup, it was zero day in the SECURE version of Windows :p). MS sat on the bug for months (almost 6 I think) after eEye (a security company, google em) told them about the bug. Hackers found out and then began to set up sites to exploit the hole. eEye produced a quality patch that they distributed through their service (Blink) to protect their customers the moment they knew it was in the wild (they didn't break any machines I might add); MS took a few more weeks to finish testing their code, supposedly... and broke some machines with Realtek cards (fixed via a later update).

Thus, because the above is not true for open source people (I don't think so at least), they don't have to live in denial of an exploit and can create and implement a fix/code change in a faster time span. In any case, at worst an open source piece of software has no more bugs than a proprietary one; at best, we have fewer. In fact, while others have cited our large amounts of updates as proof that Linux/open source is less secure, I'd say that makes it all the more secure, since we are willing to update anything and everything that needs it; more patches to me means fewer holes in the program. For example, we don't have to be shifty like MS and label some updates as critical and others sub-critical just to make it look like there are fewer exploits in Windows (yes, they've actually resorted to that, misinforming their own users about a patch so they look better; I'd cite it but it was an old article from a few weeks ago).

I hope that makes sense, seems a bit convoluted now, like a giant blob of text :p.

DJ Wings
May 28th, 2007, 01:30 AM
ZDNet... Allow me to find my grain of salt.

Andrewie
May 28th, 2007, 02:23 AM
ZDNet... Allow me to find my grain of salt.

. < -- found it

starcraft.man
May 28th, 2007, 02:34 AM
. < -- found it

ROFL... ya, I guess that's the right way to look at it. *grumbles at how he wrote so much and was summed up by a grain of salt....* >.>