Yesterday's "big" news was that some major open-source projects have security holes. At least, that's the news that the media reported. Undoubtedly, Microsoft and others will use these results in their competitive documents to suggest that open source is less secure than its proprietary brethren.
This, of course, would be the exact inverse of the lesson to take from the report.
The big news is that we even know. With a proprietary product, no one knows there are gaping security holes...until someone exploits them. Open source makes no attempts to obfuscate its strengths (and weaknesses), letting both the bad guys and the good guys discover the problems, with the latter fixing them more quickly (on average - it depends on the project) than proprietary vendors.
Indeed, of its results Coverity noted:…