> How many operators of firewalls have both the time and the
> expertise to truly understand several thousand lines of someone
> else's source code? It may give you a warm fuzy feeling to have
> it, but unless you're going to take the time to go over it
> line by line and verify it, is it really going to help you?
applications that are either nonproprietary or GPL'ed or otherwise
supplied with source, especially popular applications, tend to have
a large number of people picking through the code. sometimes hundreds
or thousands. so bugs get discovered much faster, patches are generated
much faster, and it is a matter of patching and recompiling to fix the
bug even if you have not been actively hunting for them yourself.