  • 2
    Not that I agree or disagree, but "widely agreed" by whom? This is not a sentiment that I've actually heard expressed. Commented Nov 24, 2012 at 10:22
  • Thanks for the quick response, man! And it does make sense when I think about it, it's a trade-off between sharing something that would have already been found by skilled hackers and getting proper input from well-intentioned programmers. Clearly I hadn't thought about it this way. Thanks again! Commented Nov 24, 2012 at 10:25
  • @SnOrfus: see Linus' Law and Kerckhoffs's principle. Admittedly, "widely agreed" may be a bit of an exaggeration, but I'd wager that the majority of experienced programmers would agree. Commented Nov 24, 2012 at 10:36
  • 1
    @MichaelBorgwardt, I'd wager that the majority of experienced programmers would disagree. So-called "more eyeballs = less vulnerable" isn't based on actual proper research. Heartbleed is not the first and will not be the last. Also see blog.codinghorror.com/given-enough-money-all-bugs-are-shallow Commented Jun 5, 2015 at 9:12
  • 1
    @Pacerier: I'll take you up on that wager anytime. Note that the statement is that open source increases security, not that it results in perfect security. You can cite examples for bugs in OSS until the cows come home and it proves absolutely nothing to the contrary. There actually is proper research: archive.wired.com/software/coolapps/news/2004/12/66022 - yes, it's over 10 years old, but until you can find something concrete with contrary findings, it stands. Commented Jun 7, 2015 at 20:31