(About whether the Linux kernel development process is more likely to introduce security holes
than alternative development processes.)
"It isn't, of course."
What -- where do you get your confidence? I think that it is plausible that the Linux kernel
development process produces more bugs and security holes than alternative processes, such as
for example the way that OpenBSD or Solaris are developed. (I also think that the Linux
development process produces new features and improvements faster than the OpenBSD process
does.)
I'm not entirely confident of this -- I could be wrong. But how did you become so confident
of the opposite hypothesis?
Posted Jul 20, 2008 18:56 UTC (Sun) by nix (subscriber, #2304)
The question was whether the problem was *unique* to Linux's development
process. Of course it isn't. Proprietary systems have security holes too.
You don't need 'confidence' to know that.
the Linux process for generating many rare flaws
Posted Jul 20, 2008 22:01 UTC (Sun) by njs (subscriber, #40338)
I read "it isn't, of course" as responding to my question about how black-hat scrutiny was
something unique to Linux's development process. These threads get a little spread out...
I would still be curious to hear your response to my original post, because a priori I don't
see why any one of Linux/Solaris/OpenBSD's models should be better. (Actually, I don't have a
lot of confidence in OpenBSD myself, because I've gotten the impression that in general it's
buggier -- probably just due to lack of manpower, and prioritizing security features
proportionately higher than non-security testing and bugfixes. And I don't like non-security
bugs much better than security bugs.)