echo: linuxhelp
to: Tony Williams
from: Geo.
date: 2002-11-30 15:04:58
subject: Re: Most Unsecure OS? Yep, It`s Linux

From: "Geo." 

"Tony Williams"  wrote in message
news:3de9007f$1{at}w3.nls.net...

> > are the same people who widely scrutinized the original module that has the
> > "security exploit" going to be doing the scrutinizing of the fix?
> >
>
> I would think so, as well as others who know their track record...

What motivation do they have to do a good job? Does their livelihood depend
upon the reputation of this code?

I can go on and on with this but the net result is that from my pov,
security-wise there is little difference between open and closed source
programs. As proof, check the CERT top ten list and determine which of the
top 7 are open/closed source.

http://www.sans.org/topten.htm

1. BIND
2. Vulnerable CGI programs and application extensions (e.g., ColdFusion)
installed on web servers.
3. Remote Procedure Call (RPC) weaknesses in rpc.ttdbserverd (ToolTalk),
rpc.cmsd (Calendar Manager), and rpc.statd that allow immediate root
compromise
4. RDS security hole in the Microsoft Internet Information Server (IIS)
5. Sendmail and MIME buffer overflows as well as pipe attacks that allow
immediate root compromise.
6. sadmind and mountd
7. Global file sharing and inappropriate information sharing via NetBIOS
and Windows NT ports 135->139 (445 in Windows2000), or UNIX NFS exports
on port 2049, or Macintosh Web sharing or AppleShare/IP on ports 80, 427,
and 548.

seems open/closed source makes no difference to me..

Geo.

--- BBBS/NT v4.01 Flag-4
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/1.45)

SOURCE: echomail via fidonet.ozzmosis.com
