-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ounce Labs: Open Source Software Is Perfectly Secure
,----[ Quote ]
| Claims that open source software compromises security are largely false and
| misleading, a Waltham, Massachusetts-based software risk analysis company
| said today.
|
| Officials with Ounce Labs Inc. say that the relative security of software –
| be it open source, commercial or home-grown – really just depends on whether
| security was a top priority during the development cycle.
`----
http://asterisk.tmcnet.com/topics/open-source/articles/51897-ounce-labs-open-source-software-perfectly-secure.htm
Related:
Coverity to Regularly Scan Security and Quality of 250 Open Source Projects
,----[ Quote ]
| This is the first time that Coverity is focusing on improving the
| quality of end-user professional applications such as the open
| source Blender 3d suite used to create computer animation in
| movies. Other projects to be analyzed include the GNU Image
| Manipulation Program (GIMP), an open source photo retouching
| package, and Inkscape, a vector graphics program. The new
| expansion is in response to the spread of open source software
| into all areas of the world economy, including the multi-billion
| dollar industry around professional graphics software.
`----
http://biz.yahoo.com/cnw/070501/ca_coverity_projects.html?.v=1
Most open source software is better
,----[ Quote ]
| The story is that Coverity ran 50 open source projects through
| its bug-checking system, as well as products from 100 proprietary
| makers.
|
| "On average, open-source software is of higher quality than
| proprietary software," Chelf wrote. But 11 of the 15 top-rated
| programs were proprietary.
|
| Sounds fair enough. Most open source projects are newer than the
| proprietary products they seek to displace. Chelf said one unnamed
| proprietary product in aerospace had one-fifth the number of bugs as
| any open source product out there.
|
| But here's the thing. He can't say which one. The data is proprietary.
| So, in fact, is the data on all proprietary products. There is just no
| way to know how buggy (or non-buggy) proprietary products might be. But
| you can know how buggy the open source projects are, because Coverity
| published those results on the Web.
|
| So which side should you trust? Should you trust code that might
| really be best in class, or might be garbage? Or should you trust
| code that you can see, and whose performance in bug tests you
| can measure?
|
| Your choice.
`----
http://blogs.zdnet.com/open-source/?p=809
Leading Open Source Software Projects Eliminate Bugs Every Six Minutes After
Coverity Scan
,----[ Quote ]
| Department of Homeland Security research by Coverity shows open
| source developers on 32 most popular projects fix defects on
| average every six minutes within first week of results posted publicly
`----
http://biz.yahoo.com/prnews/060403/sfm027.html?.v=44
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkm3hRwACgkQU4xAY3RXLo5jKgCfdzsToOpCNrgxpXCg0rDFoWVy
sXwAn3h22/oL5kUWRsucoT5mjOrNLtQG
=kafQ
-----END PGP SIGNATURE-----