The Open Source Quality Challenge

Steve Bellovin, one of the pioneers of Internet security, wrote a blog post about security, open source, and secure development process.  It’s worth reading if you’re an open source fan, or if you’re not.

My one quibble is that Steve refers to fixing bugs in a way that implies that just fixing bugs improves security.  Our experience is that fixing bugs is not enough – you have to use tools and processes that specifically prevent security bugs from getting into the code in the first place.

But that’s a minor quibble.  I think Steve’s post is right on and a great read.

About the Author
Steve Lipner

Partner Director of Software Security, Trustworthy Computing

Steven B. Lipner is Partner Director of Software Security in Trustworthy Computing Security at Microsoft. He is responsible for programs that provide improved product security for Microsoft customers. Lipner leads Microsoft’s Security Development Lifecycle (SDL) team and is responsible for

Join the conversation

  1. t-scotmc

    But would he really feel that Firefox was more secure than it is now if they decided to only ship updates every other Tuesday?  I doubt it.
