[Linux-aus] Open Source Security and the Mozilla Metrics Program

James Turnbull james at lovedthanlost.net
Sat Jul 5 01:28:16 EST 2008


Chris Fordham wrote:
> To those of us who have spent time getting to the bottom of both
> discussions there haven't been a lot of data and statistics with any
> real science associated with them.  Indeed a lot of the metrics used by
> the security researchers and media are outright unreliable and
> occasionally subject to some bias.
> 
>> Why would Secunia not be reliable?
> 

It's not that a single or any bug tracking entity is unreliable but
rather that their results have been used and abused by a number of people.

Please note I did not single out anyone but it must be said that many
people have used bug tracking and other statistics both out of context
and sometimes with distinct bias to claim open source software is
inherently not secure. As a security professional and an open source
advocate I don't see this as clear cut or reasonable.

The approach this new project has taken - with a clear risk-based view
and with the focus on secure development - presents a new opportunity to
provide data on the security of open source development projects.  I
welcome any such efforts and felt the community should be both aware of
that effort and potentially take the opportunity to contribute to it.

Regards

James Turnbull

