undefined | Better HN

0 pointsa13692099937y ago0 comments

No, it's not and has never been; you have it backwards. Closed-source code is guaranteed[0] to be insecure, open source code may or may not be secure. New open source code is almost certainly insecure for much the same reasons closed code is insecure, but trends toward security over time as more people inspect it and fix security holes.

0: In the same sense that the hash of a arbitrary string is guaranteed to not be all-bits-zero or that a fair coin is guaranteed not to come up heads 100 times in a row.

0 comments

dvfjsdhgfv7y ago

I don't claim that the "Linus's law" is true, I only point out it was used by some open source evangelists. It took decades and a few high-profile bugs to show it's not that simple.

As to the core of your argument, I think your position is too extreme. It depends very much if the software was developed using formal methods and a specialized language. Safety-critical systems are rarely open source, and yet a lot of effort and resources is put to make them secure. That other project choose time-to-market rather than security is their choice, not something inherent to open or closed-source software.

j / k navigate · click thread line to collapse

0 pointsa13692099937y ago0 comments

0: In the same sense that the hash of a arbitrary string is guaranteed to not be all-bits-zero or that a fair coin is guaranteed not to come up heads 100 times in a row.

0 comments

dvfjsdhgfv7y ago

I don't claim that the "Linus's law" is true, I only point out it was used by some open source evangelists. It took decades and a few high-profile bugs to show it's not that simple.

j / k navigate · click thread line to collapse