Mr. Allison observes that these days the "bad guys who discover exploits keep them secret for their own illicit use". But then he congratulates open source code for being safer because "a good 50 percent of our security bugs are found by our own internal code audits". Those found by the bad guys are obviously not being reported.
So open source code is safer because half of all errors are found by Samba team members, with the other half from people attempting to increase business for their security companies.
Makes the argument uncompelling, no?!
Relevant quotes:
"These days we rarely get zero-day exploits posted openly to lists. The bad guys who discover exploits keep them secret for their own illicit use, and the good guys go through the currently agreed-upon best practice of sending notice to the Samba developers directly (at the mailing address security@samba.org) and work with us in coordinating the announcement of the problem and its fix."
and:
"Looking at the number of vulnerabilities is misleading. A good 50 percent of our security bugs are found by our own internal code audits, or someone just looking over some code they're working on and saying to themselves 'that looks funny...'"