Alan Cox
Linux developer
Alan Cox, one of the most respected figures in the U.K. open-source community, has warned about complacency over the security of open-source projects. And he cautioned that many open-source projects were far from secure.
Cox said that analysis looks only at well-known projects. An analysis of 150 projects from
SourceForge, a repository for open-source code, would not result in the same high marks that the Linux kernel would get, he noted. "High-quality only applies to some projects--those with good code review and those with good authors," Cox said.
"The debate of Microsoft saying 'Look how secure we are' versus Linux saying 'We're more secure' is not looking at the important points," he added.]
"If you are working with metrics and you have 14 bugs, you fix the 13 easy ones, and the one hard one can wait. That happens in the security world, but it becomes inefficient."
0 comments:
Post a Comment