In some mail from Gareth Howell, sie said:
[...]
> On point one, I would trust LINUX (or indeed any other freely available
> and widely used source code O/S) better than any non B class certified
> commercial product because there is sufficient public scrutiny of the
> source code to cause any such errors to either be eliminated, or at
> least be advertised.
I wonder, has anyone scrutinized it all?
Even if the code is well segmented, it may not be a particular routine but
an interaction that is troublesome. The bigger it gets, the harder it is
to verify and nothing is getting smaller.
> On the second point, I would hazard a guess that LINUX et al. have
> probably had more O/S testing (as opposed to usage) applied to them than
> most commercial O/S.
They get tried on a larger variety of hardware combinations, definitely.
This doesn't necessarily have anything to do with it being better or more
secure.
On a separate thread, it is easier for a small (dedicated) group to work on
FreeBSD or Linux or NetBSD with security as a priority and have resulting
changes implemented than it is for a vendor who doesn't receive a very
large % of requests where security is a concern to find a team of skilled
people and allocate time & money for the same to happen.
Darren