
Crowdfunding code reviews [was: GnuPG Safe]



On Tue, Jul 23, 2013 at 11:08 PM, Peter Gutmann
<[email protected]> wrote:
> Having code that's open source doesn't help at all if no-one looks at it.

It is easy to write code. Harder to write it securely. Even harder to spot
your own mistakes. And unless perfectly written from the start, it will need
to be reviewed and fixed. Yet time to review and fix is not as free as the time
spent writing it; it is often viewed as a chore, and happens far less than open
source assumes it does.

Are we developed enough to begin putting together lists of the most critical
libraries/tools/apps and pipelining them through a crowdfunded independent
peer review program? (501c3 perhaps) Or at least put bounties on the
same lists.