Over at David Cartwright's Home Page there's some comments on a debate about the relative security of open and close source software. It pretty much sums up how I feel about it.
There are potentially going to be security flaws, either malicious or accidental, in any software much more compicated than "Hello World", be it open or close source. My personal opinion is that at least with open source software if it's sufficiently important to you to mitigate that risk you *can* get the source code reviewed. This cannot be the case with closed source software as even if you are given a copy of the code to review (for example with Microsoft through their shared source initiative) you have no guarantee that the code you reviewed is the code that was compiled to create the software you get on the CD.....
Leads me on to another thought actually which is, I wonder if any of the shared source licensees have been able to comile something like Win2003 server from the source they've been given to create a running OS.....?


Security Geek, Kubernetes, Docker, Ruby, Hillwalking