LWN: Comments on "Reasoning Releases Results of a Software Code Audit of the Apache Web Server"
https://lwn.net/Articles/38436/
This is a special feed containing comments posted to the individual LWN article titled "Reasoning Releases Results of a Software Code Audit of the Apache Web Server".
Feed generated: Thu, 06 Nov 2025 15:45:42 +0000

Apache 2.1 -- Strange
https://lwn.net/Articles/38807/
Posted by mmealman on Thu, 03 Jul 2003 17:26:23 +0000

That would be a true assessment if, say, they compared Apache 2.1 with the beta of ISS or the beta of some other commercial software. The summary of the study on their website didn't mention what they compared Apache to, however.

Reasoning Releases Results of a Software Code Audit of the Apache Web Server
https://lwn.net/Articles/38553/
Posted by piman on Wed, 02 Jul 2003 04:51:45 +0000

This also depends on how you define a "defect." Certain things, like a buffer overflow or a race condition, definitely are. But if Microsoft was auditing Outlook, the ability to run scripts automatically, or load images or links from remote servers, isn't a defect. If (say) OpenBSD was to do the audit, it definitely would be.

I don't know if the "proprietary equivalents" for webservers contain similar problems, but proprietary software seems to differentiate between "design flaws" and "defects" (the former never being fixed), where I find free software usually treats serious design flaws as bugs like any other.

Since Reason's methods seem to be automated, it's likely that they don't pick up these sorts of problems. This isn't a jab at Reason, who seem to be doing interesting stuff (in research and in practice), but just a reflection on their results.

Apache 2.1 -- Strange
https://lwn.net/Articles/38538/
Posted by iabervon on Tue, 01 Jul 2003 23:45:12 +0000

Because they were specifically trying to determine if OSS gets written better, or if it gets debugged more effectively. The conclusion seems to be that there is not a significant difference in development, but that OSS becomes more stable as it matures. Of course, this makes sense under the "many eyes" theory, since a development version will contain a lot of code seen only by the author so far. They'd already done a study of mature software and found that OSS was substantially better, and they wanted to determine if OSS programmers were just more careful or something, or if the process caused it to improve over time.

Apache 2.1 -- Strange
https://lwn.net/Articles/38524/
Posted by pate on Tue, 01 Jul 2003 22:09:33 +0000

Any idea why they tested a development snapshot of Apache for comparison against 'several proprietary equivalents'? Unless their comparison was made against pre-release versions of proprietary code, this seems like FUD rather than real information.

On the other hand, the reports are interesting, and could be of value to the Apache development community in finding and stomping on bugs. Hmm, maybe Reasoning should look at GCC.

-pate