Open Source auditing

Discussion in 'Computer Security' started by Hairy One Kenobi, Feb 2, 2004.

  1. http://www.theregister.co.uk/content/55/35262.html

    In case anyone missed the story. Any links out there for people who /are/
    doing what everyone's advocating..?

    --

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
     
    Hairy One Kenobi, Feb 2, 2004
    #1

  2. Hairy One Kenobi

    poohbah Guest

    poohbah, Feb 3, 2004
    #2

  3. That's the one - although I was thinking more of a Linux thing (unless I'm
    reading the name wrong; IIRC, my old Amiga was effectively a BSD box..)

    Interestingly enough, I don't see anything about QA procedures, though.
    Latest write-up dates from 2000, as far as I can see..

    *Not* trying to reopen the wounds exhibited in a couple of
    flame^H^H^H^H^Hthreads here - just trying to see who's "walkin' the walk" in
    addition to "talkin' the talk" ;o)

    AFAIK, it's in *all* of our best interests.

    H1K
     
    Hairy One Kenobi, Feb 3, 2004
    #3
  4. Hairy One Kenobi

    Dazz Guest

    On Tue, 3 Feb 2004 23:48:42 -0000, "Hairy One Kenobi"

    I think the problem lies with finding people with the right skills to
    work through the code, and have the time to do it.

    There are people who do it (and I'm not just talking about the
    programmers themselves), but they don't necessarily publicise it,
    unless they find something majorly wrong.

    From time to time I'll have a look at source code, and while I can
    work my way through *some* of it, I wouldn't know if I'd missed
    something or not.

    But, there are people who do it.

    Dazz
     
    Dazz, Feb 4, 2004
    #4
  5. The question is: who? (From the original story, a project to do just that
    failed through the lack of a programmer willing to do just that)

    Given that the whole basis for the Open vs. Closed argument hinges on people
    actually checking the code, I figured that someone, somewhere, must know of
    someone actually doing it & (hopefully) publishing the results (to stop the
    same ol' packages being reviewed, and omitting others)

    H1K
     
    Hairy One Kenobi, Feb 4, 2004
    #5