Without Peer: Open Source Security
Source: ZDNet - Posted by LinuxSecurity.com Team
Open source code is not infallible. It is prone to some of the glitches that plague its commercial counterpart. Yet, at the same time, it contains a number of safeguards and checks against any one person's mistake being carried too far. The recent incident in which Red Hat included a default log-in for its Piranha clustering modules - raising security concerns about the product - illustrates the point. Lead developer Philip Copeland complained in an online diary that "the Piranha package was literally nailed together a day before the CD had to be finalised, so there was less than 24 hours for other people to review the code." Red Hat Linux 6.2 included parts that were rushed together at the last minute, something like a commercial product being stamped out on deadline. But Copeland's complaint contains the clue to the cure: "other people to review the code."

Read the full article at ZDNet.
