On Thu, 29 Jan 2004, Trevor Warren wrote:
> Gnu/Linux and most other Open Operating systems have their fair share of security issues and ones that can be addressed in a very realistic fashion.
It's not just GNU/Linux or even operating systems that are susceptible to this. Any sufficiently large program has a high potential for security holes.
When writing a large program, it is quite likely that some security aspects will be missed while getting the program to actually work. This is where code review comes in.
With open source, it is easier for more people to inspect the code and warn the developers about potential problems before they are actually exploited.
An experience I had with libyahoo2:
The first release of libyahoo2 was 0.5. Very soon after that release, I received a bug report about a possible buffer overflow. 0.6 was released soon after with that fix in place.
Philip