8 New Vulnerabilities Discovered in Firefox 1.0


So much for how “securely” open source software is written. I have said it all along: the same kind of engineers who work for MS or Apple are the same kind of developers who write OSS software. OSS devs are NOT inherently “more intelligent” than the engineers who work on closed source. They make similar development decisions more often than not.

I am writing this with uber-sarcasm, because for 6 years now I have had ENOUGH of all these idiots on the online forums advocating how much more “secure” OSS is. It’s not. Or rather, it’s not more secure than an equivalent Windows or OSX application. It’s just that OSS software is not used as much as Windows software is, and so nobody CARES to break into such boxes and take advantage of their vulnerabilities. It’s more FUN to try to fuck up some Windows user’s box and then spread it to some more millions of users than to have limited success with the varieties of Linux users.

You see, with Unix and Linux this cannot happen as easily, because of binary compatibility issues, or because most users don’t run as root. But the point remains: the actual software is not more secure than Windows’ equivalent software CODE-wise (remember, I mean code-wise, application per application, NOT as a generic result of a whole OS). If more OSS software was running on Windows, it would be targeted by hackers as well. And the proof is Firefox. Firefox is the “golden child” of the OSS scene, and because it’s now so widely used, security firms and hackers ARE trying to find holes in it, just as they have done with IE for years now.

I am sure that if Konqueror or Lynx were to be ported to Windows natively *and* become as successful as IE or Firefox are, everyone would be on their tail as well.

Writing secure software is EXPENSIVE. It means that each line of code must be fully tested and *properly* QA’ed (most OSS software is beta tested, but not QA’ed; these are different notions). And doing just that requires TIME and MONEY. And it is NOT a glorious job to do. It’s a TEDIOUS job to do. And that’s why there is so much bad, insecure software out there today: because no one wants to take the time to properly QA their projects. Be it Microsoft, Apple or Joe OSS-Developer.

Thankfully, some people DO get it, even on Slashdot: here or here.
