The future of opensource security

by
in ask on (#3P3)
story imageThe question arose out of the urgency of the heartbleed OpenSSL bug and the hurried round of patching that ensued: what is the future of opensource security management, and what can we learn from this crisis?

Shrikanth RP, executive editor for Times India writes:
A recent report by Coverity found out that the quality of open source surpassed proprietary projects with a defect density of 0.59 per thousand lines of code for open source compared to 0.72 for proprietary code scanned. Defect density (defects per 1,000 lines of software code) is a commonly used measurement for software quality. The report mentions that nearly 50,000 defects were fixed in 2013 alone - the largest single number of defects fixed in a single year. More than 11,000 of these defects were fixed by the four largest projects in the service: NetBSD, FreeBSD, LibreOffice and Linux. So, what do these statistics mean for open source security, and how must organizations look at open source security post Heartbleed?
Better peer review, more atomic code commits and checks, periodic, 3rd party audits: what should we be doing to improve the quality of our code?

Welcome Outsiders (Score: 0)

by Anonymous Coward on 2014-06-18 21:10 (#260)

For real. Many projects are still stuck in cabal mode, where the maintainers pay only lip service to community contributions. Often but not exclusively projects doing "open core" models.

When a project is really open to outsiders, it can encourage more eyes who (a) give a damn about the code quality and (b) are empowered to do something about it.

Oh, and document the thing.
Post Comment
Subject
Comment
Captcha
31, 25, seventeen and 21: the 1st number is?