From: Tony Williams 

Geo. wrote:
> "Tony Williams"  wrote in message
> news:3DE660DA.7040905{at}blarg.net...
>
>
>>So the difference then becomes how long it takes to get the
>>vulnerabilities fixed and the fixes out to the users.
>
>
> Yes and one more issue as well. Suppose you find a function like printf()
> has a bug. With closed source only the vendor can locate all the other
> places that function is used and so the discovery of a bug in that function
> yeilds only one exploit. With open source the hackers immediately can grep
> source and find millions of places that the function is used and then begin
> to probe those areas for ways to exploit the problem. This creates a higher
> risk for those running systems built on open source because it leads to
> numerous exploits before the patches can be released. With the closed source
> the vendor is the only one who knows the other areas at risk so users are
> only exposed to a lesser risk level (vendor hacking).

Disagree. There are enough tools out there (e.g. nm, which is available on
Windows) to find out which functions a binary is using that the difference
between closed and open is negligible from a hacker's POV.

The difference is that the vendor of a closed source program is the only
one who can (legally) provide a fixed version, whereas if the app is
open-source it can be fixed by anybody.

--
Tony

--- BBBS/NT v4.01 Flag-4