Gnu PG is more Safe ?

Martin Rublik <[email protected]> writes:

>There is a paper on discovering vulnerabilities in open source and
>proprietary software you might find interesting:

There's been a bunch of work done in this area, another one that springs to
mind is Coverity's scan reports.  The general conclusion from them is,
unsurprisingly, that being open source doesn't magically make you more secure.
You only find bugs (vulns) if someone looks for them, and a closed-source app
that's actively analysed for vulns (because the vendor pays employees to do
it) is going to be more secure than an open-source app that no-one looks at
because they're not motivated to.  In either case the ones with the highest
motivation to look are the attackers.