

Why Open Source Yields a More Secure Product - privacyguru
http://www.securityweek.com/defense-bind-open-source-dns-software-yields-better-breed-secure-product

======
rick888
It sounds good in theory: the more eyes there are on the code, the fewer bugs
there will be in the future.

The reality is that a good percentage of the people using the app will never
actually fix or report any bugs (or even look at the source for that matter).
There are usually a small number of people who actually do make changes. If
you had 1000 developers making constant updates, the project would be
impossible to maintain.

Many of the open source apps that I've used in the past don't even have bugs
discovered for months or even years after they were in the wild, which tells
me that it's not that much more efficient at finding and fixing security
issues than a closed-source app.

------
kenjackson
This article oddly doesn't really address the subject of this post. It really
argues why open source shouldn't be more insecure, but really gives no
argument why it is more secure.

I've always found that open sourcing code makes it more likely bugs are found,
whether by white or black hats. But due to the asymmetry in the value of
security bugs, finding more bugs is actually a bad thing.

------
nwmcsween
I could swear there was a test comparing open source vs. closed source bugs
over time, and what they concluded was that they were equal in the number of
bugs produced. Open source doesn't create magical code without bugs. What it
does seem to create is zealots with a soapbox.

