Is Open Source Development Insecure?
FOSSBazaar is no longer being updated. The information on this site is preserved for your convenience but may be out of date. Please visit Linux Foundation's Open Compliance Program for current information and activities.

Ian Grayson discusses a report from Fortify Software which claims that "many widely used Open Source applications do not use recognised industry best practice when it comes to ensuring code is secure." Steven J. Vaughan-Nichols argues that while open source development is not perfect, it's still the best way to develop software: "The Many Eyes approach isn't broken. It just needs to be taken for what it really is, just an excellent, but not miraculous, way of fixing software."