Steve Lipner here,
Steve Bellovin, one of the pioneers of Internet security, wrote a blog post about security, open source, and secure development process. It's worth reading if you're an open source fan, or if you're not.
My one quibble is that Steve refers to fixing bugs in a way that implies that just fixing bugs improves security. Our experience is that fixing bugs is not enough - you have to use tools and processes that specifically prevent security bugs from getting into the code in the first place.
But that’s a minor quibble. I think Steve's post is right on and a great read.
But would he really feel that Firefox was more secure than it is now if they decided to only ship updates every other Tuesday? I doubt it.