View Single Post
  #5   (View Single Post)  
Old 4th March 2011
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,287
Default

Quote:
Originally Posted by c_moriarty View Post
But with a huge list of vulnerabilites in its software and nothing being done (at least quickly) to patch them, how secure could it possibly be?
The flaw in your argument is expecting third-party applications (on any platform) to have been sanitized, cleaned up, & sterilized to the point where no bugs exist. There isn't enough manpower in any Open Source project to make this kind of guarantee. Plus, if one project cleaned up all the vulnerabilities, flaws, & other imperfections found in a software package commonly used across multiple platforms, that sanitized version may not resemble the same package on a different platform.

As an example, look at Firefox -- a commonly used browser which is not terribly secure or well implemented. When I use this application on multiple platforms, I expect it to work reasonably the same. Yes, it would nice if the Open Source projects could figure out all of its ills, & while some bugs probably get reported back to the Mozilla project, OS project developers don't have enough personnel to painstakingly analyze each & every third-party application they host. It simply isn't feasible.

What operating system projects can strive for is to implement a platform where errant applications can't take down the remainder of the system. Hopefully, the programming interfaces exposed to applications is consistent, simple, & works as advertised.

So, when projects state how secure they are, they are referencing the base system which is under the total jurisdiction of the project developers themselves. Good as some projects may be, they have limited resources to dedicate to third-party applications.
Reply With Quote