Gemal's Psyched Blog - Comments on Do Firefox browser bugs matter? http://gemal.dk/blog/2005/04/26/do_firefox_browser_bugs_matter/index.html No program is perfect, but bugs in open source software are less of a problem, says technology analyst Bill Thompson. The Firefox open source browser is full of bugs, some of which are rather serious. In March Danish security firm... en-us Copyright 2009 Wed, 28 Jan 2009 22:48:53 +0100 Mon, 16 Feb 2009 09:33:34 +0100 http://www.movabletype.org/?v=3.17 http://blogs.law.harvard.edu/tech/rss http://gemal.dk/ http://gemal.dk//pics/favicon.png Gemal's Psyched Blog By Alexander Krestinin What is interesting to me is that how many people outside devteam are reviewing patches and fixes devs provide?For my experience as OSS developer and user makes this statement rather doubtful. Seems like many say: "Oh I can look into the code and fix it by myself". This may be so for small projects with limited number of users. But speaking about big software projects like FF, is it so? Are there any figures like number of patches devs receive monthly form outer world comparing to the number of devs patches? What is interesting to me is that how many people outside devteam are reviewing patches and fixes devs provide?
For my experience as OSS developer and user makes this statement rather doubtful. Seems like many say: "Oh I can look into the code and fix it by myself". This may be so for small projects with limited number of users. But speaking about big software projects like FF, is it so? Are there any figures like number of patches devs receive monthly form outer world comparing to the number of devs patches?

]]> http://gemal.dk/blog/2005/04/26/do_firefox_browser_bugs_matter/#comment1?from=rss-comment http://gemal.dk/blog/2005/04/26/do_firefox_browser_bugs_matter/#comment1 Tue, 26 Apr 2005 12:53:52 +0100 Alexander Krestinin blog@krestinin.com By Kelson Another thing to consider: Many critics of open source contend that with the source code available, it will be easier for the black hats to find holes to exploit. Of course the white hats have access too.There's the standard OSS philosophy, that just having enough people looking will make it more likely that the good guys will find te bugs first, plus there's the fact that expert security researchers (Secunia, for instance) -- if they are so inclined -- are able to investigate OSS software more easily than closed source. Even if they're not the ones fixing the bugs, the fact that the good guys are finding them and telling the developers should, in theory, mean more rapid progress in fixing vulnerabilities on a high-profile OSS project than a high-profile proprietary one. Another thing to consider: Many critics of open source contend that with the source code available, it will be easier for the black hats to find holes to exploit. Of course the white hats have access too.

There's the standard OSS philosophy, that just having enough people looking will make it more likely that the good guys will find te bugs first, plus there's the fact that expert security researchers (Secunia, for instance) -- if they are so inclined -- are able to investigate OSS software more easily than closed source. Even if they're not the ones fixing the bugs, the fact that the good guys are finding them and telling the developers should, in theory, mean more rapid progress in fixing vulnerabilities on a high-profile OSS project than a high-profile proprietary one.

]]> http://gemal.dk/blog/2005/04/26/do_firefox_browser_bugs_matter/#comment2?from=rss-comment http://gemal.dk/blog/2005/04/26/do_firefox_browser_bugs_matter/#comment2 Tue, 26 Apr 2005 17:56:44 +0100 Kelson kelson@pobox.com By Block Sheep Bug 283730 matters!!https://bugzilla.mozilla.org/show_bug.cgi?id=283730 Bug 283730 matters!!
https://bugzilla.mozilla.org/show_bug.cgi?id=283730

]]> http://gemal.dk/blog/2005/04/26/do_firefox_browser_bugs_matter/#comment3?from=rss-comment http://gemal.dk/blog/2005/04/26/do_firefox_browser_bugs_matter/#comment3 Wed, 27 Apr 2005 02:46:46 +0100 Block Sheep gemal.dk@blocksheep.com