13 Aug
2005
2:32 p.m.
Rich Kulawiec wrote:
> More bluntly: the closed-source, "faith-based" approach to security doesn't cut it. The attacks we're confronting are being launched (in many cases) by people who *already have the source code*, and who thus enjoy an enormous advantage over the defenders.

TBH though, usually the open source "faith-based" approach to security doesn't cut it either. It's easy to say "it's open source, therefore anyone can check the code" but much harder to actually find someone who has taken the time to do it...